11:19 a.m.
Good morning, I've been working on some ideas for AeroGear, in order
to have UPS and Keycloak in a separated infrastructure. The reason why
this is not possible today, is pretty much related with design
decisions in the past for UPS.
Not sure if this makes some sense or was already discussed. But I was
wondering if we could change the adapters to load an environment
variable like ${keycloak.server.url}. The raw idea is pretty simple:
## Configure the system variable on Wildfly
$JBOSS_HOME/bin/jboss-cli.sh -c --controller=localhost:9992
--command="/system-property=keycloak.server.url:add(value=http://localhost:8083)"
Or just configuring it inside standalone.xml like Hawkular already
does
(http://www.hawkular.org/docs/user/installation-guide.html#_preparing_the_...)
## Pass the variable as argument
{
"realm" : "aerogear",
"auth-server-url" : "${keycloak.server.url}",
"ssl-required" : "external",
"resource" : "unified-push-server",
"bearer-only" : true,
"disable-trust-manager" : true
}
I couldn't find any history related to this topic, besides this ticket
(https://issues.jboss.org/browse/KEYCLOAK-1289).
Do you think this is doable to implement? Or am I missing something?
--
- abstractj
11:35 a.m.
On 20.01.2016 18:19, Bruno Oliveira wrote:
Or just configuring it inside standalone.xml like Hawkular already
does
(http://www.hawkular.org/docs/user/installation-guide.html#_preparing_the_...)
## Pass the variable as argument
{
"realm" : "aerogear",
"auth-server-url" : "${keycloak.server.url}",
"ssl-required" : "external",
"resource" : "unified-push-server",
"bearer-only" : true,
"disable-trust-manager" : true
}
The Wildfly Adapter already supports this: https://git.io/vzBpU
For the keycloak.json used in our UI, we did it as a Servlet:
Template: https://git.io/vzBAU
keycloak.json as servlet: https://git.io/vRdJi
- Juca.
12:15 p.m.
I noticed that looking at Hawkular, but correct if I'm wrong. Today
that's not supported for the client side configuration, unless you
workaround it like you did with Servlets, right?
On Wed, Jan 20, 2016 at 3:35 PM, Juraci Paixão Kröhling
<jpkroehling(a)redhat.com> wrote:
On 20.01.2016 18:19, Bruno Oliveira wrote:
> Or just configuring it inside standalone.xml like Hawkular already
> does
(http://www.hawkular.org/docs/user/installation-guide.html#_preparing_the_...)
>
> ## Pass the variable as argument
>
> {
> "realm" : "aerogear",
> "auth-server-url" : "${keycloak.server.url}",
> "ssl-required" : "external",
> "resource" : "unified-push-server",
> "bearer-only" : true,
> "disable-trust-manager" : true
> }
The Wildfly Adapter already supports this: https://git.io/vzBpU
For the keycloak.json used in our UI, we did it as a Servlet:
Template: https://git.io/vzBAU
keycloak.json as servlet: https://git.io/vRdJi
- Juca.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
- abstractj
12:57 p.m.
On 20.01.2016 19:15, Bruno Oliveira wrote:
I noticed that looking at Hawkular, but correct if I'm wrong.
Today
that's not supported for the client side configuration, unless you
workaround it like you did with Servlets, right?
Right, for the JavaScript Adapter (which loads /keycloak.json by
default), you'd need a workaround like that.
For the Wildfly adapter, it's already supported on the secure-deployment
approach. So, instead of using a keycloak.json within your WAR, you can
protect it via the subsystem.
Not sure about other adapters, though.
- Juca.
12:59 p.m.
keycloak.json already supports system properties, I think it supports
environment variables as well "${env.KEYCLOAK}"
On 20 January 2016 at 19:57, Juraci Paixão Kröhling <juraci(a)kroehling.de>
wrote:
On 20.01.2016 19:15, Bruno Oliveira wrote:
> I noticed that looking at Hawkular, but correct if I'm wrong. Today
> that's not supported for the client side configuration, unless you
> workaround it like you did with Servlets, right?
Right, for the JavaScript Adapter (which loads /keycloak.json by
default), you'd need a workaround like that.
For the Wildfly adapter, it's already supported on the secure-deployment
approach. So, instead of using a keycloak.json within your WAR, you can
protect it via the subsystem.
Not sure about other adapters, though.
- Juca.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
1:14 p.m.
Thank you, will give it another try.
On Wed, Jan 20, 2016 at 4:59 PM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
keycloak.json already supports system properties, I think it
supports
environment variables as well "${env.KEYCLOAK}"
On 20 January 2016 at 19:57, Juraci Paixão Kröhling <juraci(a)kroehling.de>
wrote:
>
> On 20.01.2016 19:15, Bruno Oliveira wrote:
> > I noticed that looking at Hawkular, but correct if I'm wrong. Today
> > that's not supported for the client side configuration, unless you
> > workaround it like you did with Servlets, right?
>
> Right, for the JavaScript Adapter (which loads /keycloak.json by
> default), you'd need a workaround like that.
>
> For the Wildfly adapter, it's already supported on the secure-deployment
> approach. So, instead of using a keycloak.json within your WAR, you can
> protect it via the subsystem.
>
> Not sure about other adapters, though.
>
> - Juca.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
- abstractj
1:19 p.m.
On 20.01.2016 19:59, Stian Thorgersen wrote:
keycloak.json already supports system properties, I think it
supports
environment variables as well "${env.KEYCLOAK}"
Cool, I thought it was only for the ones deployed within WEB-INF, to be
consumed by server adapters. I might even then remove our servlet for that!
Thanks!
- Juca.
3732
days inactive
3732
days old
6 comments
4 participants
participants (4)
-
Bruno Oliveira -
Juraci Paixão Kröhling -
Juraci Paixão Kröhling -
Stian Thorgersen