I didn't focus on this enough last week, sorry, but now I'll ask questions.
In general, can you describe more what this configuration data is?
Is this an optional behavior? Can the necessary configuration be
performed without requiring a call from the keycloak server?
The keycloak server will have to be authenticated as a valid user
authorized to administer the appserver. The account will need to have
high level permissions (Administrator or SuperUser in our RBAC scheme)
since this is presumably security-sensitive stuff being configured. Is
it going to be more user-friendly to have them set all that up versus
having them configure this stuff directly?
Is this configuration sent by the keycloak server meant to be stored in
the persistent config (e.g. standalone.xml)? In a managed domain, the
persistent subsystem configurations are controlled by the master Host
Controller, not by individual servers. So any per-server stuff can only
work with non-persistent data. Also, the HC is not going to deploy a war.
On 2/6/14, 10:01 AM, Jason Greene wrote:
Is JSON not usable by non-Wildfly servers?
On Feb 6, 2014, at 9:55 AM, Bill Burke <bburke(a)redhat.com> wrote:
> We already have a keycloak subsystem. Again, the issue is, the Wildfly mgmt REST
interface is Wildfly specific, with Wildfly peculiarities, using wildfly specific envelope
formats. Not very useful for non-wildfly servers. :)
>
> This isn't just Keycloak though. OpenID Connect has a registration REST API
which is client driven and not IDP driven.
>
> On 2/6/2014 10:38 AM, Tomaž Cerar wrote:
>> Maybe it is really time to write keycloak subsystem, that way you will
>> be able to expose also keycloak config via rest (and other mechanism)
>>
>> --
>> tomaz
>>
>
>> Yet another reason is that it would be cool if there were a unified,
>> common REST API that the Keycloak admin console could use to manage and
>> talk to server instances that want to join or be managed by a Keycloak
>> realm. Without this common REST API, we would have to write a Keycloak
>> server adapter (and UI screens) to handle them, which would mean that
>> the Keycloak server would probably have to be shut down too to install
>> any new adapter.
>>
>> The OP asked how to get access, locally, to mgmt api/services. Brian's
>> response was, "just use the HTTP interface". I now have 2 reasons
why
>> "just use the HTTP interface" may not be feasible.
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
--
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat