On 12/10/2013 12:35 PM, Heiko Braun wrote:
I dont understand your second point, but +1 for enabling cors. It
would enable arbitrary use cases that rely on the http endpoint.
But cors is onky one part if the story. The authentication mechanism would need to change
as well, to allow for better integration.
Has anyone evaluated keycloak as an alternative for securing the http management
endpoint?
That's where I think we're headed and I intend to get there
eventually. It's key to doing SSO between the web console and all our
other consoles.
At a first glance it seems to solve many of the problems we've outlined before.
> Am 10.12.2013 um 14:17 schrieb ssilvert(a)redhat.com:
>
> No other console is allowed to use the HTTP management endpoint. So,
> a layered product's console can not control its own subsystem.