----- Original Message -----
From: "Jason Greene" <jason.greene(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>,
wildfly-dev(a)lists.jboss.org
Sent: Tuesday, 7 July, 2015 11:19:52 PM
Subject: Re: [wildfly-dev] Including Keycloak client adapters in WildFly 10
> On Jul 3, 2015, at 6:40 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
>
> Keycloak provides an adapter, including a WildFly extension, to make it
> easier to add authentication to JavaEE applications with Keycloak.
Sorry for my delay replying. Comments are inline:
>
> It includes a few modules. Currently 8 Keycloak-specific modules and 1
> third-party. The third-party is net.iharder.base64.
We already have many Base64 implementations. It’s pretty easy to pull one in
with cut and paste. Java 8 also provides one, so that could be used.
We can copy/paste it, but would it not be better to include one Base64 lib in WildFly than
have everyone have their own?
>
> As the WildFly extension includes a deployment processor that configures
> the authentication method as well as dependencies for a deployment it's
> easy to add authentication to a JavaEE application. All you need to do is
> specify it in standalone.xml, for example:
>
> ...
> <secure-deployment name="mywar.war">
I’m assuming that the DUPs you register match the deployment name with this
key, and then modify the app configuration?
Yep
> <realm>myrealm</realm>
> <realm-public-key>MIIBIjAN...</realm-public-key>
> <auth-server-url>http://localhost:8081/auth</auth-server-url>
> <ssl-required>EXTERNAL</ssl-required>
> <resource>mywar</resource>
> <credential name="secret">675356d8-2b6b-4602-a74f-7079e0555885</credential>
You probably already did this, but such an attribute should support vault
usage as well so that credentials can be kept out of configs.
No, pretty sure we don't, but we should
> </secure-deployment>
> ...
>
> I'd like to explore if we can add this extension and the required modules
> directly to WildFly 10, rather than require users to add it themselves.
Can you sync up with the elytron team? They are making other changes in this
area, which are not yet in 10, and I want to make sure that's all compatible.
Will do, we need to have a sync with them asap in either case to make sure the Elytron
SPIs cover all use-cases we need.
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
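
The vault point raised in the thread, as an added example that is not part of the original messages or of Keycloak or WildFly code: a small audit that lists each `<credential>` under a `<secure-deployment>` and reports whether it holds a literal secret, a WildFly vault reference or another `${...}` expression. The sample XML, deployment names and vault block/attribute names are constructed; the thread says the adapter probably did not resolve vault expressions at the time, so the vault form is shown as the target, not as confirmed behaviour.

```python
import re
import xml.etree.ElementTree as ET

# Constructed standalone.xml fragment modelled on the snippet in the thread;
# deployment names, the secret and the vault block/attribute are made up.
SAMPLE = """<server><subsystem>
  <secure-deployment name="mywar.war">
    <resource>mywar</resource>
    <credential name="secret">00000000-0000-0000-0000-000000000000</credential>
  </secure-deployment>
  <secure-deployment name="other.war">
    <resource>other</resource>
    <credential name="secret">${VAULT::keycloak::other_secret::1}</credential>
  </secure-deployment>
  <secure-deployment name="third.war">
    <resource>third</resource>
    <credential name="secret">${env.KC_SECRET}</credential>
  </secure-deployment>
</subsystem></server>"""

# WildFly vault reference: ${VAULT::block::attribute::sharedKey}
VAULT = re.compile(r"^\$\{VAULT::[^:}]+::[^:}]+::[^}]+\}$")
# Any other ${...} expression (system property, environment variable)
EXPRESSION = re.compile(r"^\$\{[^}]+\}$")

def local(tag):
    """Drop the XML namespace so the check does not depend on the subsystem URN."""
    return tag.rsplit("}", 1)[-1]

def classify(value):
    """Label a credential value as 'vault', 'expression' or 'literal'."""
    if VAULT.match(value):
        return "vault"
    return "expression" if EXPRESSION.match(value) else "literal"

def audit(xml_text):
    """Return (deployment, credential name, kind) for every credential element."""
    rows = []
    for dep in ET.fromstring(xml_text).iter():
        if local(dep.tag) != "secure-deployment":
            continue
        for child in dep:
            if local(child.tag) == "credential":
                kind = classify((child.text or "").strip())
                rows.append((dep.get("name"), child.get("name"), kind))
    return rows

if __name__ == "__main__":
    # The secret value itself is never printed, only where it sits.
    for deployment, cred, kind in audit(SAMPLE):
        flag = "FLAG" if kind == "literal" else "ok"
        print(f"{flag:4} {deployment}: credential '{cred}' is a {kind} value")
```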