On Jun 4, 2014, at 12:23 PM, Jason Greene <jason.greene(a)redhat.com> wrote:
On Jun 3, 2014, at 1:25 PM, Darran Lofthouse <darran.lofthouse(a)jboss.com> wrote:
>> Both the auth server and admin console are served from the same WAR. It
>> should be possible to deploy this without using a WAR or servlets, but
>> that is not planned for the initial WildFly integration. Because of
>> this current limitation, the auth server and admin console will not be
>> present in a domain controller.
>
> This is going against the current design of AS7/WildFly exposing
> management related operations over the management interface and leaving
> the web container to be purely about a user's deployments.

Sorry for my delayed reply. I hadn’t had a chance to read the full thread.

My understanding of the original and still current goal of Keycloak is to be more of an
appliance, and also largely independent of WildFly.

From that perspective, I don’t think embedding Keycloak solely to be in the same VM makes
a lot of sense (more details as to why follow). It’s fine to have Keycloak running on a
WildFly instance (either as a subsystem or a deployment), but to me this seems to be a bit
more of a black box to the user.

So a typical topology, based on the factors I am aware of, would look like this:

            +------+      Auth      +----------+
            |      +---------------->          |
            |  DC  |                | Keycloak |
       +----+      +----+           |          |
       |    +------+    |           +----------+
       |                |
   +---v--+          +--v---+
   |      |          |      |
   |  HC  |          |  HC  |
 +-+      +-+      +-+      +-+
 | +--+---+ |      | +--+---+ |
 |    |     |      |    |     |
+v-+ +v-+ +-v+    +v-+ +v-+ +-v+
|S1| |S2| |S3|    |S4| |S5| |S6|
+--+ +--+ +--+    +--+ +--+ +--+

Actually it should look like this, if you factor in deployments doing auth as
well.

            +------+      Auth      +----------+
            |      +---------------->          |
            |  DC  |                | Keycloak |
       +----+      +----+           |          |
       |    +------+    |           +-----^----+
       |                |                 |
   +---v--+          +--v---+             |
   |      |          |      |             |
   |  HC  |          |  HC  |             | Application Auth
 +-+      +-+      +-+      +-+           |
 | +--+---+ |      | +--+---+ |           |
 |    |     |      |    |     |           |
+v-+ +v-+ +-v+    +v-+ +v-+ +-v+          |
|S1| |S2| |S3|    |S4| |S5| |S6|----------+
+--+ +--+ +--+    +--+ +--+ +--+

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat