8:20 a.m.
On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
Currently, I'm not overly happy with releasing 1.1.0.Final and
it's down to this issue. I should have raised it before, but it completely slipped my
mind :(
We did talk about this at great length before. I tried and tried to
preserve the "drop it in the file system" approach. It just plain won't
work for domains.
IMO we need:
1. A usable way to deploy a provider without using the CLI GUI
2. Ideally be able to deploy a provider with an offline server
We have 5 ways to
add a provider:
1. CLI
2. CLI GUI
3. CLI script
4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
5. Use the war dist and do it the old way.
Why are these not sufficient?
----- Original Message -----
> From: "Stan Silvert" <ssilvert(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Friday, 16 January, 2015 2:13:24 PM
> Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1
Beta-2
>
> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>> ----- Original Message -----
>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>> Cc: keycloak-user(a)lists.jboss.org
>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>>> Keycloak 1.1 Beta-2
>>>
>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>> How is a provider added using the CLI? I can't find any examples on
that.
>>> In the doc there is a step-by-step example of how to do it. See section
>>> 3.4.2.2.
>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>> That example uses the CLI GUI, we need one that uses plain CLI
> Plain CLI is harder in this case. CLI GUI lets you browse for the file
> you need. Overall, plain CLI is a lot more error prone.
>
> If you do this once in CLI GUI then you will generate the CLI command
> that you can cut and paste into plain CLI or a script. But if you want,
> I can include an example of that command.
>> There's also another issue with this approach, which I didn't stress
enough
>> last time around, it requires the server to be running to add providers.
>> That makes it much harder to for example create a Docker cartridge that
>> includes some custom providers.
> Perhaps we just need to document the fact that you can still explode the
> WAR and do it the old way?
>>>> Also, there are still several references in the docs and examples that
>>>> uses
>>>> the old approach of copying to WEB-INF/lib.
>>>>
>>>> ----- Original Message -----
>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>> To: keycloak-user(a)lists.jboss.org
>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar
in
>>>>> Keycloak 1.1 Beta-2
>>>>>
>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>
>>>>> See
>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>
>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>
>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> I created a custom User Federation Provider and deployed it as per
the
>>>>> documentation. It worked in earlier versions (1.1 Beta-1) but it
appears
>>>>> that the location of Keycloak war in Wildfly has changed in 1.1
Beta-2
>>>>> version and it is no longer inflated. Can someone suggest where
exactly
>>>>> I
>>>>> have to place the Federation provider jar in 1.1 Beta-2 version?
>>>>>
>>>>> Thanks,
>>>>> Raghu
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
8:42 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
On 1/16/2015 9:20 AM, Stan Silvert wrote:
On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
> Currently, I'm not overly happy with releasing 1.1.0.Final and it's down to
this issue. I should have raised it before, but it completely slipped my mind :(
We did talk about this at great length before. I tried and tried to
preserve the "drop it in the file system" approach. It just plain won't
work for domains.
>
> IMO we need:
>
> 1. A usable way to deploy a provider without using the CLI GUI
> 2. Ideally be able to deploy a provider with an offline server
We have 5 ways to add a provider:
1. CLI
2. CLI GUI
3. CLI script
4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
5. Use the war dist and do it the old way.
6. Create a module for your new provider. Import that module (with
service import too) into the main Keycloak module. Of course this
requires knowledge of JBoss Modules. Not sure if this would work. You
tell me.
BTW, come to think of it, this upload through CLI just won't work, if
the provider has even one third-party library dependency.
Stan, can you explain again the issue with domain mode? Is it that
you're trying to secure the domain controller itself with keycloak?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9:28 a.m.
New subject: Location of User Federation Provider jar in Keycloak 1.1 Beta-2
On 1/16/2015 9:42 AM, Bill Burke wrote:
On 1/16/2015 9:20 AM, Stan Silvert wrote:
> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's down
to this issue. I should have raised it before, but it completely slipped my mind :(
> We did talk about this at great length before. I tried and tried to
> preserve the "drop it in the file system" approach. It just plain
won't
> work for domains.
>> IMO we need:
>>
>> 1. A usable way to deploy a provider without using the CLI GUI
>> 2. Ideally be able to deploy a provider with an offline server
> We have 5 ways to add a provider:
> 1. CLI
> 2. CLI GUI
> 3. CLI script
> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
> 5. Use the war dist and do it the old way.
>
6. Create a module for your new provider. Import that module (with
service import too) into the main Keycloak module. Of course this
requires knowledge of JBoss Modules. Not sure if this would work. You
tell me.
I tried that and ran into problems. I consulted with Jason and Stuart
to see if there was any way to get it to work. They concluded that it
probably could be made to work but it would require moving everything
out of the WEB-INF/lib and creating modules for each jar. I don't
remember all the details but I can probably find the chat log where we
discussed it.
At the time I didn't want to go that far because pulling everything out
of the WAR and forcing the user to create modules seemed like too
radical of a change. But maybe we need to revisit that. We've already
been talking about moving more stuff into modules. If we decide to not
support the auth server on other platforms then it would make even more
sense to go ahead and do it because we wouldn't be tied to testing
everything as a WAR.
BTW, come to think of it, this upload through CLI just won't work, if
the provider has even one third-party library dependency.
It still works. You can
upload as many provider jars as you want.
Stan, can you explain again the issue with domain mode? Is it that
you're trying to secure the domain controller itself with keycloak?
The domain controller won't be secured with Keycloak until we integrate
with Elytron. But having Keycloak compatible with domain mode is a
piece of that puzzle.
Deployment scanners are not allowed in domain mode. You upload to the
domain controller and the deployment is distributed to wherever you want
it to run. So there is no place in the file system where you can just
copy a file and have it become part of the deployment. And as I found
out, there is no way to create your own deployment scanner that will
work. The architecture blocks you from doing that.
Operationally, using overlays is a lot cleaner for upgrades, especially
in domain mode. Your provider jar is the thing most likely to change.
So when it does, you just need to upload the one jar and you are done.
Same is true for keycloak-server.json changes.
If you used a single hacked-up WAR, you would need to rebuild the entire
WAR off line and upload the whole thing. So you would also need to keep
up with manually versioning your own customized WAR.
9:32 a.m.
New subject: Location of User Federation Provider jar in Keycloak 1.1 Beta-2
Sent out an invite for a meeting on Monday (4pm CET), is everyone available to join?
I'd like to discuss this issue in person before doing the release.
----- Original Message -----
From: "Stan Silvert" <ssilvert(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 16 January, 2015 4:28:37 PM
Subject: Re: [keycloak-dev] Location of User Federation Provider jar in Keycloak 1.1
Beta-2
On 1/16/2015 9:42 AM, Bill Burke wrote:
>
> On 1/16/2015 9:20 AM, Stan Silvert wrote:
>> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's
down
>>> to this issue. I should have raised it before, but it completely slipped
>>> my mind :(
>> We did talk about this at great length before. I tried and tried to
>> preserve the "drop it in the file system" approach. It just plain
won't
>> work for domains.
>>> IMO we need:
>>>
>>> 1. A usable way to deploy a provider without using the CLI GUI
>>> 2. Ideally be able to deploy a provider with an offline server
>> We have 5 ways to add a provider:
>> 1. CLI
>> 2. CLI GUI
>> 3. CLI script
>> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
>> 5. Use the war dist and do it the old way.
>>
> 6. Create a module for your new provider. Import that module (with
> service import too) into the main Keycloak module. Of course this
> requires knowledge of JBoss Modules. Not sure if this would work. You
> tell me.
I tried that and ran into problems. I consulted with Jason and Stuart
to see if there was any way to get it to work. They concluded that it
probably could be made to work but it would require moving everything
out of the WEB-INF/lib and creating modules for each jar. I don't
remember all the details but I can probably find the chat log where we
discussed it.
At the time I didn't want to go that far because pulling everything out
of the WAR and forcing the user to create modules seemed like too
radical of a change. But maybe we need to revisit that. We've already
been talking about moving more stuff into modules. If we decide to not
support the auth server on other platforms then it would make even more
sense to go ahead and do it because we wouldn't be tied to testing
everything as a WAR.
>
> BTW, come to think of it, this upload through CLI just won't work, if
> the provider has even one third-party library dependency.
It still works. You can upload as many provider jars as you want.
>
> Stan, can you explain again the issue with domain mode? Is it that
> you're trying to secure the domain controller itself with keycloak?
>
>
The domain controller won't be secured with Keycloak until we integrate
with Elytron. But having Keycloak compatible with domain mode is a
piece of that puzzle.
Deployment scanners are not allowed in domain mode. You upload to the
domain controller and the deployment is distributed to wherever you want
it to run. So there is no place in the file system where you can just
copy a file and have it become part of the deployment. And as I found
out, there is no way to create your own deployment scanner that will
work. The architecture blocks you from doing that.
Operationally, using overlays is a lot cleaner for upgrades, especially
in domain mode. Your provider jar is the thing most likely to change.
So when it does, you just need to upload the one jar and you are done.
Same is true for keycloak-server.json changes.
If you used a single hacked-up WAR, you would need to rebuild the entire
WAR off line and upload the whole thing. So you would also need to keep
up with manually versioning your own customized WAR.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
9:44 a.m.
New subject: Location of User Federation Provider jar in Keycloak 1.1 Beta-2
I am off on Monday. Damn kids have a holiday and I'll be driving them
around to their activities from 7:00am-7pm.
On 1/16/2015 10:32 AM, Stian Thorgersen wrote:
Sent out an invite for a meeting on Monday (4pm CET), is everyone
available to join?
I'd like to discuss this issue in person before doing the release.
----- Original Message -----
> From: "Stan Silvert" <ssilvert(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Friday, 16 January, 2015 4:28:37 PM
> Subject: Re: [keycloak-dev] Location of User Federation Provider jar in Keycloak 1.1
Beta-2
>
> On 1/16/2015 9:42 AM, Bill Burke wrote:
>>
>> On 1/16/2015 9:20 AM, Stan Silvert wrote:
>>> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>>>> Currently, I'm not overly happy with releasing 1.1.0.Final and
it's down
>>>> to this issue. I should have raised it before, but it completely slipped
>>>> my mind :(
>>> We did talk about this at great length before. I tried and tried to
>>> preserve the "drop it in the file system" approach. It just plain
won't
>>> work for domains.
>>>> IMO we need:
>>>>
>>>> 1. A usable way to deploy a provider without using the CLI GUI
>>>> 2. Ideally be able to deploy a provider with an offline server
>>> We have 5 ways to add a provider:
>>> 1. CLI
>>> 2. CLI GUI
>>> 3. CLI script
>>> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
>>> 5. Use the war dist and do it the old way.
>>>
>> 6. Create a module for your new provider. Import that module (with
>> service import too) into the main Keycloak module. Of course this
>> requires knowledge of JBoss Modules. Not sure if this would work. You
>> tell me.
> I tried that and ran into problems. I consulted with Jason and Stuart
> to see if there was any way to get it to work. They concluded that it
> probably could be made to work but it would require moving everything
> out of the WEB-INF/lib and creating modules for each jar. I don't
> remember all the details but I can probably find the chat log where we
> discussed it.
>
> At the time I didn't want to go that far because pulling everything out
> of the WAR and forcing the user to create modules seemed like too
> radical of a change. But maybe we need to revisit that. We've already
> been talking about moving more stuff into modules. If we decide to not
> support the auth server on other platforms then it would make even more
> sense to go ahead and do it because we wouldn't be tied to testing
> everything as a WAR.
>>
>> BTW, come to think of it, this upload through CLI just won't work, if
>> the provider has even one third-party library dependency.
> It still works. You can upload as many provider jars as you want.
>>
>> Stan, can you explain again the issue with domain mode? Is it that
>> you're trying to secure the domain controller itself with keycloak?
>>
>>
> The domain controller won't be secured with Keycloak until we integrate
> with Elytron. But having Keycloak compatible with domain mode is a
> piece of that puzzle.
>
> Deployment scanners are not allowed in domain mode. You upload to the
> domain controller and the deployment is distributed to wherever you want
> it to run. So there is no place in the file system where you can just
> copy a file and have it become part of the deployment. And as I found
> out, there is no way to create your own deployment scanner that will
> work. The architecture blocks you from doing that.
>
> Operationally, using overlays is a lot cleaner for upgrades, especially
> in domain mode. Your provider jar is the thing most likely to change.
> So when it does, you just need to upload the one jar and you are done.
> Same is true for keycloak-server.json changes.
>
> If you used a single hacked-up WAR, you would need to rebuild the entire
> WAR off line and upload the whole thing. So you would also need to keep
> up with manually versioning your own customized WAR.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8:50 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
On 16.1.2015 15:20, Stan Silvert wrote:
On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
> Currently, I'm not overly happy with releasing 1.1.0.Final and it's down to
this issue. I should have raised it before, but it completely slipped my mind :(
We did talk about this at great length before. I tried and tried to
preserve the "drop it in the file system" approach. It just plain won't
work for domains.
> IMO we need:
>
> 1. A usable way to deploy a provider without using the CLI GUI
> 2. Ideally be able to deploy a provider with an offline server
We have 5 ways to add a provider:
1. CLI
2. CLI GUI
3. CLI script
4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
I've just tried
the exploded WAR approach, but had some issues. What I
did with keycloak appliance was:
- Change the WAR file in
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/auth-server/keycloak-server-1.1.0.Final-SNAPSHOT.war
to be exploded
- Change the configuration property "auth-server-exploded" to true in
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/module.xml
With this auth-server didn't bootstrap for me at startup. Once I added
provider to exploded WAR and pack it back to be file instead of
directory, it started to work and my provider is found.
So in shortcut, adding provider in offline mode works, but I needed to:
unpack, copy provider JAR, pack it back.
Did I something wrong to have exploded WAR working? Also can subsystem
work with having exploded WAR by default? In this case it will be easy
to add provider in offline mode as people can just copy them to unpacked
location inside keycloak subsystem .
Sorry if you already discuss this possibility, I may miss some details
in previous discussion related to this;-)
Marek
5. Use the war dist and do it the old way.
Why are these not sufficient?
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: keycloak-user(a)lists.jboss.org
>> Sent: Friday, 16 January, 2015 2:13:24 PM
>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak
1.1 Beta-2
>>
>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-user(a)lists.jboss.org
>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>>>> Keycloak 1.1 Beta-2
>>>>
>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>> How is a provider added using the CLI? I can't find any examples
on that.
>>>> In the doc there is a step-by-step example of how to do it. See section
>>>> 3.4.2.2.
>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>> That example uses the CLI GUI, we need one that uses plain CLI
>> Plain CLI is harder in this case. CLI GUI lets you browse for the file
>> you need. Overall, plain CLI is a lot more error prone.
>>
>> If you do this once in CLI GUI then you will generate the CLI command
>> that you can cut and paste into plain CLI or a script. But if you want,
>> I can include an example of that command.
>>> There's also another issue with this approach, which I didn't stress
enough
>>> last time around, it requires the server to be running to add providers.
>>> That makes it much harder to for example create a Docker cartridge that
>>> includes some custom providers.
>> Perhaps we just need to document the fact that you can still explode the
>> WAR and do it the old way?
>>>>> Also, there are still several references in the docs and examples
that
>>>>> uses
>>>>> the old approach of copying to WEB-INF/lib.
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider
jar in
>>>>>> Keycloak 1.1 Beta-2
>>>>>>
>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>
>>>>>> See
>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>
>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I created a custom User Federation Provider and deployed it as
per the
>>>>>> documentation. It worked in earlier versions (1.1 Beta-1) but it
appears
>>>>>> that the location of Keycloak war in Wildfly has changed in 1.1
Beta-2
>>>>>> version and it is no longer inflated. Can someone suggest where
exactly
>>>>>> I
>>>>>> have to place the Federation provider jar in 1.1 Beta-2 version?
>>>>>>
>>>>>> Thanks,
>>>>>> Raghu
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
9:35 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
I tested exploded mode yesterday with the latest release and it worked
fine for me. Maybe you exploded it at the wrong directory level?
On 1/16/2015 9:50 AM, Marek Posolda wrote:
On 16.1.2015 15:20, Stan Silvert wrote:
> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's
>> down to this issue. I should have raised it before, but it
>> completely slipped my mind :(
> We did talk about this at great length before. I tried and tried to
> preserve the "drop it in the file system" approach. It just plain
won't
> work for domains.
>> IMO we need:
>>
>> 1. A usable way to deploy a provider without using the CLI GUI
>> 2. Ideally be able to deploy a provider with an offline server
> We have 5 ways to add a provider:
> 1. CLI
> 2. CLI GUI
> 3. CLI script
> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
I've just tried the exploded WAR approach, but had some issues. What I
did with keycloak appliance was:
- Change the WAR file in
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/auth-server/keycloak-server-1.1.0.Final-SNAPSHOT.war
to be exploded
- Change the configuration property "auth-server-exploded" to true in
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/module.xml
With this auth-server didn't bootstrap for me at startup. Once I added
provider to exploded WAR and pack it back to be file instead of
directory, it started to work and my provider is found.
So in shortcut, adding provider in offline mode works, but I needed
to: unpack, copy provider JAR, pack it back.
Did I something wrong to have exploded WAR working? Also can subsystem
work with having exploded WAR by default? In this case it will be easy
to add provider in offline mode as people can just copy them to
unpacked location inside keycloak subsystem .
Sorry if you already discuss this possibility, I may miss some details
in previous discussion related to this;-)
Marek
> 5. Use the war dist and do it the old way.
>
> Why are these not sufficient?
>> ----- Original Message -----
>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>> Cc: keycloak-user(a)lists.jboss.org
>>> Sent: Friday, 16 January, 2015 2:13:24 PM
>>> Subject: Re: [keycloak-user] Location of User Federation Provider
>>> jar in Keycloak 1.1 Beta-2
>>>
>>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>>> ----- Original Message -----
>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>> Cc: keycloak-user(a)lists.jboss.org
>>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider
>>>>> jar in
>>>>> Keycloak 1.1 Beta-2
>>>>>
>>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>>> How is a provider added using the CLI? I can't find any
examples
>>>>>> on that.
>>>>> In the doc there is a step-by-step example of how to do it. See
>>>>> section
>>>>> 3.4.2.2.
>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>
>>>> That example uses the CLI GUI, we need one that uses plain CLI
>>> Plain CLI is harder in this case. CLI GUI lets you browse for the
>>> file
>>> you need. Overall, plain CLI is a lot more error prone.
>>>
>>> If you do this once in CLI GUI then you will generate the CLI command
>>> that you can cut and paste into plain CLI or a script. But if you
>>> want,
>>> I can include an example of that command.
>>>> There's also another issue with this approach, which I didn't
>>>> stress enough
>>>> last time around, it requires the server to be running to add
>>>> providers.
>>>> That makes it much harder to for example create a Docker cartridge
>>>> that
>>>> includes some custom providers.
>>> Perhaps we just need to document the fact that you can still
>>> explode the
>>> WAR and do it the old way?
>>>>>> Also, there are still several references in the docs and
>>>>>> examples that
>>>>>> uses
>>>>>> the old approach of copying to WEB-INF/lib.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>>> Subject: Re: [keycloak-user] Location of User Federation
>>>>>>> Provider jar in
>>>>>>> Keycloak 1.1 Beta-2
>>>>>>>
>>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>>
>>>>>>> See
>>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>>
>>>>>>>
>>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I created a custom User Federation Provider and deployed it
as
>>>>>>> per the
>>>>>>> documentation. It worked in earlier versions (1.1 Beta-1) but
>>>>>>> it appears
>>>>>>> that the location of Keycloak war in Wildfly has changed in
1.1
>>>>>>> Beta-2
>>>>>>> version and it is no longer inflated. Can someone suggest
where
>>>>>>> exactly
>>>>>>> I
>>>>>>> have to place the Federation provider jar in 1.1 Beta-2
version?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Raghu
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
11:19 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
Ok, I figured that I need to unzip WAR directly into auth-server
directory to have structure like
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/auth-server/WEB-INF/...
.
What I did before was converting WAR file to directory of the same name,
so I had structure like:
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/auth-server/keycloak-server-1.1.0.Final-SNAPSHOT.war/WEB-INF/...
Thanks!
Marek
On 16.1.2015 16:35, Stan Silvert wrote:
I tested exploded mode yesterday with the latest release and it
worked
fine for me. Maybe you exploded it at the wrong directory level?
On 1/16/2015 9:50 AM, Marek Posolda wrote:
> On 16.1.2015 15:20, Stan Silvert wrote:
>> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's
>>> down to this issue. I should have raised it before, but it
>>> completely slipped my mind :(
>> We did talk about this at great length before. I tried and tried to
>> preserve the "drop it in the file system" approach. It just plain
>> won't
>> work for domains.
>>> IMO we need:
>>>
>>> 1. A usable way to deploy a provider without using the CLI GUI
>>> 2. Ideally be able to deploy a provider with an offline server
>> We have 5 ways to add a provider:
>> 1. CLI
>> 2. CLI GUI
>> 3. CLI script
>> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
> I've just tried the exploded WAR approach, but had some issues. What
> I did with keycloak appliance was:
> - Change the WAR file in
>
modules/system/layers/base/org/keycloak/keycloak-subsystem/main/auth-server/keycloak-server-1.1.0.Final-SNAPSHOT.war
> to be exploded
> - Change the configuration property "auth-server-exploded" to true in
> modules/system/layers/base/org/keycloak/keycloak-subsystem/main/module.xml
>
> With this auth-server didn't bootstrap for me at startup. Once I
> added provider to exploded WAR and pack it back to be file instead of
> directory, it started to work and my provider is found.
>
> So in shortcut, adding provider in offline mode works, but I needed
> to: unpack, copy provider JAR, pack it back.
>
> Did I something wrong to have exploded WAR working? Also can
> subsystem work with having exploded WAR by default? In this case it
> will be easy to add provider in offline mode as people can just copy
> them to unpacked location inside keycloak subsystem .
>
> Sorry if you already discuss this possibility, I may miss some
> details in previous discussion related to this;-)
>
> Marek
>
>> 5. Use the war dist and do it the old way.
>>
>> Why are these not sufficient?
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-user(a)lists.jboss.org
>>>> Sent: Friday, 16 January, 2015 2:13:24 PM
>>>> Subject: Re: [keycloak-user] Location of User Federation Provider
>>>> jar in Keycloak 1.1 Beta-2
>>>>
>>>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>> Cc: keycloak-user(a)lists.jboss.org
>>>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>>>> Subject: Re: [keycloak-user] Location of User Federation
>>>>>> Provider jar in
>>>>>> Keycloak 1.1 Beta-2
>>>>>>
>>>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>>>> How is a provider added using the CLI? I can't find any
>>>>>>> examples on that.
>>>>>> In the doc there is a step-by-step example of how to do it. See
>>>>>> section
>>>>>> 3.4.2.2.
>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>
>>>>> That example uses the CLI GUI, we need one that uses plain CLI
>>>> Plain CLI is harder in this case. CLI GUI lets you browse for the
>>>> file
>>>> you need. Overall, plain CLI is a lot more error prone.
>>>>
>>>> If you do this once in CLI GUI then you will generate the CLI command
>>>> that you can cut and paste into plain CLI or a script. But if you
>>>> want,
>>>> I can include an example of that command.
>>>>> There's also another issue with this approach, which I didn't
>>>>> stress enough
>>>>> last time around, it requires the server to be running to add
>>>>> providers.
>>>>> That makes it much harder to for example create a Docker
>>>>> cartridge that
>>>>> includes some custom providers.
>>>> Perhaps we just need to document the fact that you can still
>>>> explode the
>>>> WAR and do it the old way?
>>>>>>> Also, there are still several references in the docs and
>>>>>>> examples that
>>>>>>> uses
>>>>>>> the old approach of copying to WEB-INF/lib.
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Stan Silvert"
<ssilvert(a)redhat.com>
>>>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>>>> Subject: Re: [keycloak-user] Location of User Federation
>>>>>>>> Provider jar in
>>>>>>>> Keycloak 1.1 Beta-2
>>>>>>>>
>>>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>>>
>>>>>>>> See
>>>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>>>
>>>>>>>>
>>>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I created a custom User Federation Provider and deployed
it as
>>>>>>>> per the
>>>>>>>> documentation. It worked in earlier versions (1.1 Beta-1)
but
>>>>>>>> it appears
>>>>>>>> that the location of Keycloak war in Wildfly has changed
in
>>>>>>>> 1.1 Beta-2
>>>>>>>> version and it is no longer inflated. Can someone suggest
>>>>>>>> where exactly
>>>>>>>> I
>>>>>>>> have to place the Federation provider jar in 1.1 Beta-2
version?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Raghu
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
9:17 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
----- Original Message -----
From: "Stan Silvert" <ssilvert(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Friday, 16 January, 2015 3:20:18 PM
Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1
Beta-2
On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
> Currently, I'm not overly happy with releasing 1.1.0.Final and it's down to
> this issue. I should have raised it before, but it completely slipped my
> mind :(
We did talk about this at great length before. I tried and tried to
preserve the "drop it in the file system" approach. It just plain won't
work for domains.
I know we did, but I like changing my mind ;)
>
> IMO we need:
>
> 1. A usable way to deploy a provider without using the CLI GUI
> 2. Ideally be able to deploy a provider with an offline server
We have 5 ways to add a provider:
1. CLI
2. CLI GUI
3. CLI script
4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
5. Use the war dist and do it the old way.
1-3. If the CLI was easy to use that would work, except we also need to be able to do it
offline. I don't really like the deployment overalys as it all feels a bit magical and
black boxed.
4. I hate this - the user shouldn't have to explode the WAR and also it's in a
really strange place for a user to find
5. That's not an option for the appliance
Maybe what we could do for now is to create add-provider.sh/bat scripts that makes it
easier to do without any knowledge of CLI.
Can we not use modules as Bill suggests? We could make the keycloak subsystem depend on a
keycloak-providers module and users would register their provider modules there.
Why are these not sufficient?
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: keycloak-user(a)lists.jboss.org
>> Sent: Friday, 16 January, 2015 2:13:24 PM
>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>> Keycloak 1.1 Beta-2
>>
>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-user(a)lists.jboss.org
>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar
in
>>>> Keycloak 1.1 Beta-2
>>>>
>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>> How is a provider added using the CLI? I can't find any examples
on
>>>>> that.
>>>> In the doc there is a step-by-step example of how to do it. See
section
>>>> 3.4.2.2.
>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>> That example uses the CLI GUI, we need one that uses plain CLI
>> Plain CLI is harder in this case. CLI GUI lets you browse for the file
>> you need. Overall, plain CLI is a lot more error prone.
>>
>> If you do this once in CLI GUI then you will generate the CLI command
>> that you can cut and paste into plain CLI or a script. But if you want,
>> I can include an example of that command.
>>> There's also another issue with this approach, which I didn't
stress
>>> enough
>>> last time around, it requires the server to be running to add providers.
>>> That makes it much harder to for example create a Docker cartridge that
>>> includes some custom providers.
>> Perhaps we just need to document the fact that you can still explode the
>> WAR and do it the old way?
>>>>> Also, there are still several references in the docs and examples
that
>>>>> uses
>>>>> the old approach of copying to WEB-INF/lib.
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>> Subject: Re: [keycloak-user] Location of User Federation
Provider jar
>>>>>> in
>>>>>> Keycloak 1.1 Beta-2
>>>>>>
>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>
>>>>>> See
>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>
>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I created a custom User Federation Provider and deployed it as
per the
>>>>>> documentation. It worked in earlier versions (1.1 Beta-1) but
it
>>>>>> appears
>>>>>> that the location of Keycloak war in Wildfly has changed in 1.1
Beta-2
>>>>>> version and it is no longer inflated. Can someone suggest where
>>>>>> exactly
>>>>>> I
>>>>>> have to place the Federation provider jar in 1.1 Beta-2
version?
>>>>>>
>>>>>> Thanks,
>>>>>> Raghu
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
10:41 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
On 1/16/2015 10:17 AM, Stian Thorgersen wrote:
----- Original Message -----
> From: "Stan Silvert" <ssilvert(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Friday, 16 January, 2015 3:20:18 PM
> Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1
Beta-2
>
> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's down
to
>> this issue. I should have raised it before, but it completely slipped my
>> mind :(
> We did talk about this at great length before. I tried and tried to
> preserve the "drop it in the file system" approach. It just plain
won't
> work for domains.
I know we did, but I like changing my mind ;)
>> IMO we need:
>>
>> 1. A usable way to deploy a provider without using the CLI GUI
>> 2. Ideally be able to deploy a provider with an offline server
> We have 5 ways to add a provider:
> 1. CLI
> 2. CLI GUI
> 3. CLI script
> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
> 5. Use the war dist and do it the old way.
1-3. If the CLI was easy to use that would work, except we also need to be able to do it
offline.
We can ship a script that makes this task a little easier as you suggest
below.
As for offline, I don't understand what the problem is. You mentioned
docker, which I haven't looked at much. Why can't you have an image
that was created from an overlaid Keycloak server?
I don't really like the deployment overalys as it all feels a
bit magical and black boxed.
Don't you think it's better than telling them
to hack our WAR?
4. I hate this - the user shouldn't have to explode the WAR and
also it's in a really strange place for a user to find
I hate it too. I almost
wish I hadn't implemented exploded mode. I
re-verified that it is working, btw.
5. That's not an option for the appliance
You still could
do it with the appliance if you wanted.
But the idea of the appliance is that you shouldn't need to change it
except through a UI. That's where the overlay method will really shine,
especially when we can get provider management into our own UI. At that
point, copying jars to a file system will look extremely primitive in
comparison.
Maybe what we could do for now is to create add-provider.sh/bat scripts that makes it
easier to do without any knowledge of CLI.
Can we not use modules as Bill suggests? We could make the keycloak subsystem depend on a
keycloak-providers module and users would register their provider modules there.
> Why are these not sufficient?
>> ----- Original Message -----
>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>> Cc: keycloak-user(a)lists.jboss.org
>>> Sent: Friday, 16 January, 2015 2:13:24 PM
>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>>> Keycloak 1.1 Beta-2
>>>
>>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>>> ----- Original Message -----
>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>> Cc: keycloak-user(a)lists.jboss.org
>>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar
in
>>>>> Keycloak 1.1 Beta-2
>>>>>
>>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>>> How is a provider added using the CLI? I can't find any
examples on
>>>>>> that.
>>>>> In the doc there is a step-by-step example of how to do it. See
section
>>>>> 3.4.2.2.
>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>> That example uses the CLI GUI, we need one that uses plain CLI
>>> Plain CLI is harder in this case. CLI GUI lets you browse for the file
>>> you need. Overall, plain CLI is a lot more error prone.
>>>
>>> If you do this once in CLI GUI then you will generate the CLI command
>>> that you can cut and paste into plain CLI or a script. But if you want,
>>> I can include an example of that command.
>>>> There's also another issue with this approach, which I didn't
stress
>>>> enough
>>>> last time around, it requires the server to be running to add providers.
>>>> That makes it much harder to for example create a Docker cartridge that
>>>> includes some custom providers.
>>> Perhaps we just need to document the fact that you can still explode the
>>> WAR and do it the old way?
>>>>>> Also, there are still several references in the docs and examples
that
>>>>>> uses
>>>>>> the old approach of copying to WEB-INF/lib.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>>> Subject: Re: [keycloak-user] Location of User Federation
Provider jar
>>>>>>> in
>>>>>>> Keycloak 1.1 Beta-2
>>>>>>>
>>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>>
>>>>>>> See
>>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>>
>>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I created a custom User Federation Provider and deployed it
as per the
>>>>>>> documentation. It worked in earlier versions (1.1 Beta-1) but
it
>>>>>>> appears
>>>>>>> that the location of Keycloak war in Wildfly has changed in
1.1 Beta-2
>>>>>>> version and it is no longer inflated. Can someone suggest
where
>>>>>>> exactly
>>>>>>> I
>>>>>>> have to place the Federation provider jar in 1.1 Beta-2
version?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Raghu
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
11:25 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
On 16.1.2015 17:41, Stan Silvert wrote:
On 1/16/2015 10:17 AM, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: keycloak-dev(a)lists.jboss.org
>> Sent: Friday, 16 January, 2015 3:20:18 PM
>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak
1.1 Beta-2
>>
>> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's
down to
>>> this issue. I should have raised it before, but it completely slipped my
>>> mind :(
>> We did talk about this at great length before. I tried and tried to
>> preserve the "drop it in the file system" approach. It just plain
won't
>> work for domains.
> I know we did, but I like changing my mind ;)
>
>>> IMO we need:
>>>
>>> 1. A usable way to deploy a provider without using the CLI GUI
>>> 2. Ideally be able to deploy a provider with an offline server
>> We have 5 ways to add a provider:
>> 1. CLI
>> 2. CLI GUI
>> 3. CLI script
>> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
>> 5. Use the war dist and do it the old way.
> 1-3. If the CLI was easy to use that would work, except we also need to be able to do
it offline.
We can ship a script that makes this task a little easier as you suggest
below.
As for offline, I don't understand what the problem is. You mentioned
docker, which I haven't looked at much. Why can't you have an image
that was created from an overlaid Keycloak server?
> I don't really like the deployment overalys as it all feels a bit magical and
black boxed.
Don't you think it's better than telling them to hack our WAR?
> 4. I hate this - the user shouldn't have to explode the WAR and also it's
in a really strange place for a user to find
I hate it too. I almost wish I hadn't implemented exploded mode. I
re-verified that it is working, btw.
I don't hate it as it provides at least
"some way" to add providers in
offline mode. It allows scripting too as there are just 2 commands
needed in shell to unzip the WAR and copy the provider here. The
locations sucks, but still.... it's better then force users to use CLI ;-)
Marek
> 5. That's not an option for the appliance
You still could do it with the appliance if you wanted.
But the idea of the appliance is that you shouldn't need to change it
except through a UI. That's where the overlay method will really shine,
especially when we can get provider management into our own UI. At that
point, copying jars to a file system will look extremely primitive in
comparison.
> Maybe what we could do for now is to create add-provider.sh/bat scripts that makes it
easier to do without any knowledge of CLI.
>
> Can we not use modules as Bill suggests? We could make the keycloak subsystem depend
on a keycloak-providers module and users would register their provider modules there.
>
>> Why are these not sufficient?
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-user(a)lists.jboss.org
>>>> Sent: Friday, 16 January, 2015 2:13:24 PM
>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>>>> Keycloak 1.1 Beta-2
>>>>
>>>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>> Cc: keycloak-user(a)lists.jboss.org
>>>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>>>> Subject: Re: [keycloak-user] Location of User Federation Provider
jar in
>>>>>> Keycloak 1.1 Beta-2
>>>>>>
>>>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>>>> How is a provider added using the CLI? I can't find any
examples on
>>>>>>> that.
>>>>>> In the doc there is a step-by-step example of how to do it. See
section
>>>>>> 3.4.2.2.
>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>> That example uses the CLI GUI, we need one that uses plain CLI
>>>> Plain CLI is harder in this case. CLI GUI lets you browse for the file
>>>> you need. Overall, plain CLI is a lot more error prone.
>>>>
>>>> If you do this once in CLI GUI then you will generate the CLI command
>>>> that you can cut and paste into plain CLI or a script. But if you want,
>>>> I can include an example of that command.
>>>>> There's also another issue with this approach, which I didn't
stress
>>>>> enough
>>>>> last time around, it requires the server to be running to add
providers.
>>>>> That makes it much harder to for example create a Docker cartridge
that
>>>>> includes some custom providers.
>>>> Perhaps we just need to document the fact that you can still explode the
>>>> WAR and do it the old way?
>>>>>>> Also, there are still several references in the docs and
examples that
>>>>>>> uses
>>>>>>> the old approach of copying to WEB-INF/lib.
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Stan Silvert"
<ssilvert(a)redhat.com>
>>>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>>>> Subject: Re: [keycloak-user] Location of User Federation
Provider jar
>>>>>>>> in
>>>>>>>> Keycloak 1.1 Beta-2
>>>>>>>>
>>>>>>>> Providers are now uploaded using WildFly CLI or CLI GUI.
>>>>>>>>
>>>>>>>> See
>>>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>>>
>>>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I created a custom User Federation Provider and deployed
it as per the
>>>>>>>> documentation. It worked in earlier versions (1.1 Beta-1)
but it
>>>>>>>> appears
>>>>>>>> that the location of Keycloak war in Wildfly has changed
in 1.1 Beta-2
>>>>>>>> version and it is no longer inflated. Can someone suggest
where
>>>>>>>> exactly
>>>>>>>> I
>>>>>>>> have to place the Federation provider jar in 1.1 Beta-2
version?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Raghu
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
1:42 a.m.
New subject: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
----- Original Message -----
From: "Stan Silvert" <ssilvert(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Friday, 16 January, 2015 5:41:59 PM
Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1
Beta-2
On 1/16/2015 10:17 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: keycloak-dev(a)lists.jboss.org
>> Sent: Friday, 16 January, 2015 3:20:18 PM
>> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
>> Keycloak 1.1 Beta-2
>>
>> On 1/16/2015 9:07 AM, Stian Thorgersen wrote:
>>> Currently, I'm not overly happy with releasing 1.1.0.Final and it's
down
>>> to
>>> this issue. I should have raised it before, but it completely slipped my
>>> mind :(
>> We did talk about this at great length before. I tried and tried to
>> preserve the "drop it in the file system" approach. It just plain
won't
>> work for domains.
> I know we did, but I like changing my mind ;)
>
>>> IMO we need:
>>>
>>> 1. A usable way to deploy a provider without using the CLI GUI
>>> 2. Ideally be able to deploy a provider with an offline server
>> We have 5 ways to add a provider:
>> 1. CLI
>> 2. CLI GUI
>> 3. CLI script
>> 4. Explode the WAR in the subsystem and drop it in WEB-INF/lib
>> 5. Use the war dist and do it the old way.
> 1-3. If the CLI was easy to use that would work, except we also need to be
> able to do it offline.
We can ship a script that makes this task a little easier as you suggest
below.
As for offline, I don't understand what the problem is. You mentioned
docker, which I haven't looked at much. Why can't you have an image
that was created from an overlaid Keycloak server?
There's two ways to create a Docker image, the most common is to use a DockerFile that
can installs and configures things. Copying a file is a simple one-liner, while starting
the server, waiting for it to be in a certain state and invoking the CLI is a hole
different thing. You also don't want to do this really as it adds entries to the log
files, initiates db, all that kinds stuff that shouldn't be in the "base"
image.
Then there's another issue and that is providers that are used by Keycloak during
startup. For example to replace the db with something custom the user first has to start
the server with one of the built-in adapters. I could see this ending up in a situation
where the server doesn't start with the current provider and a user wants to add a
custom one, but can't as they can't start the server.
> I don't really like the deployment overalys as it all
feels a bit magical
> and black boxed.
Don't you think it's better than telling them to hack our WAR?
Adding a JAR to a folder is simple. Deployment overlays just doesn't give the user the
feeling of being in control IMO. Maybe that's just be not understanding the feature.
> 4. I hate this - the user shouldn't have to explode the
WAR and also it's
> in a really strange place for a user to find
I hate it too. I almost wish I hadn't implemented exploded mode. I
re-verified that it is working, btw.
> 5. That's not an option for the appliance
You still could do it with the appliance if you wanted.
I'm not sure what you're saying here, are you suggesting a user dl the appliance
and the war dist as well?
But the idea of the appliance is that you shouldn't need to change it
except through a UI. That's where the overlay method will really shine,
especially when we can get provider management into our own UI. At that
point, copying jars to a file system will look extremely primitive in
comparison.
I don't agree with that. The idea of the appliance is that it should work OOTB and it
should be easy to do any changes you need. Even if we had a very sleek way of uploading
providers through the admin console, we'd still not to be able to do it from the
command-line.
>
> Maybe what we could do for now is to create add-provider.sh/bat scripts
> that makes it easier to do without any knowledge of CLI.
>
> Can we not use modules as Bill suggests? We could make the keycloak
> subsystem depend on a keycloak-providers module and users would register
> their provider modules there.
>
>> Why are these not sufficient?
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-user(a)lists.jboss.org
>>>> Sent: Friday, 16 January, 2015 2:13:24 PM
>>>> Subject: Re: [keycloak-user] Location of User Federation Provider jar
in
>>>> Keycloak 1.1 Beta-2
>>>>
>>>> On 1/16/2015 2:19 AM, Stian Thorgersen wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Stan Silvert" <ssilvert(a)redhat.com>
>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>> Cc: keycloak-user(a)lists.jboss.org
>>>>>> Sent: Thursday, 15 January, 2015 9:23:48 PM
>>>>>> Subject: Re: [keycloak-user] Location of User Federation
Provider jar
>>>>>> in
>>>>>> Keycloak 1.1 Beta-2
>>>>>>
>>>>>> On 1/15/2015 9:29 AM, Stian Thorgersen wrote:
>>>>>>> How is a provider added using the CLI? I can't find any
examples on
>>>>>>> that.
>>>>>> In the doc there is a step-by-step example of how to do it.
See
>>>>>> section
>>>>>> 3.4.2.2.
>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>> That example uses the CLI GUI, we need one that uses plain CLI
>>>> Plain CLI is harder in this case. CLI GUI lets you browse for the file
>>>> you need. Overall, plain CLI is a lot more error prone.
>>>>
>>>> If you do this once in CLI GUI then you will generate the CLI command
>>>> that you can cut and paste into plain CLI or a script. But if you
want,
>>>> I can include an example of that command.
>>>>> There's also another issue with this approach, which I
didn't stress
>>>>> enough
>>>>> last time around, it requires the server to be running to add
>>>>> providers.
>>>>> That makes it much harder to for example create a Docker cartridge
that
>>>>> includes some custom providers.
>>>> Perhaps we just need to document the fact that you can still explode
the
>>>> WAR and do it the old way?
>>>>>>> Also, there are still several references in the docs and
examples
>>>>>>> that
>>>>>>> uses
>>>>>>> the old approach of copying to WEB-INF/lib.
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Stan Silvert"
<ssilvert(a)redhat.com>
>>>>>>>> To: keycloak-user(a)lists.jboss.org
>>>>>>>> Sent: Thursday, 15 January, 2015 2:09:56 PM
>>>>>>>> Subject: Re: [keycloak-user] Location of User Federation
Provider
>>>>>>>> jar
>>>>>>>> in
>>>>>>>> Keycloak 1.1 Beta-2
>>>>>>>>
>>>>>>>> Providers are now uploaded using WildFly CLI or CLI
GUI.
>>>>>>>>
>>>>>>>> See
>>>>>>>>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/server-ins...
>>>>>>>>
>>>>>>>> On 1/15/2015 6:46 AM, prab rrrr wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I created a custom User Federation Provider and deployed
it as per
>>>>>>>> the
>>>>>>>> documentation. It worked in earlier versions (1.1
Beta-1) but it
>>>>>>>> appears
>>>>>>>> that the location of Keycloak war in Wildfly has changed
in 1.1
>>>>>>>> Beta-2
>>>>>>>> version and it is no longer inflated. Can someone
suggest where
>>>>>>>> exactly
>>>>>>>> I
>>>>>>>> have to place the Federation provider jar in 1.1 Beta-2
version?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Raghu
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
3988
days inactive
3991
days old
11 comments
4 participants
participants (4)
-
Bill Burke -
Marek Posolda -
Stan Silvert -
Stian Thorgersen