[aerogear-dev] Keycloak on AeroGear
Matthias Wessendorf
matzew at apache.org
Tue Jan 7 06:33:54 EST 2014
Something that also comes to mind is: If the UPS relies on KeyCloak, it's
one more complex component that is required for the installation process.
Meaning: At least a running server instance of Keycloak is required. Not
sure if that helps in simplifying things :-)
On Fri, Jan 3, 2014 at 1:52 PM, Matthias Wessendorf <matzew at apache.org>wrote:
> Hello,
>
> it's nice to see an effort for integrating keycloak. Especially the User
> Management part is something which sounds very promising. For instance I
> like how a request against "http://push-abstractj.rhcloud.com/ag-push"
> redirects me to the Keycloak server and after a sucessful login back to the
> AdminUI. Sweet!
>
> I understand this is an early PoC, but the user login bits already look
> good!
>
>
> A few things I noticed:
>
> * After login, I get a list of PushApplications, but I can't click into
> them to see details (I assume this is due to your changes to the ember
> interface - with is perfectly fine)
> * Sending Push Notifications (e.g. using the CURL command) does not work
> (used the PushAppID/MasterSecret from the HTTP REST response on AdminUI
> overview page ;-))
> I assume this is because the endpoint for sending is also protected by the
> SSO/Keycloak facility, hence the HTTP Basic auth is not triggered there
> (guess).
>
> Since the HTTP Basic is also used when a device tries to register against
> a variant, I am guess the same issue is present there as well.
>
> Perhaps the HTTP-Basic for SENDING and DEVICE-REGISTRATION could be done
> w/ something else, e.g. OAuth2
>
>
>
> Greetings,
> Matthias
>
>
>
>
>
> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno at abstractj.org>wrote:
>
>> Good morning peeps, yesterday I started to replace AeroGear Security on
>> Unified Push server by Keycloak and you might be asking: “Why?”. Keycloak
>> is a SSO with some handy features like TOTP, OAuth2, user management
>> support and I think we have too much to contribute, is the only way to have
>> some success with security, “divide to conquer" (at least for authorization
>> and authentication).
>>
>> So will ag-security be discontinued? No! Keycloak is still on Alpha and
>> we have to test it against our projects before fully replace ag-security,
>> but the only way to upstream our needs, is to using it.
>>
>> This replacement only applies to authentication/authorization features,
>> we still have a ton of projects which Keycloak is not able to replace like:
>> TOTP, crypto and OAuth2 on mobile, our focus.
>>
>> - PoC
>>
>> So let’s talk about this replacement, any dependency on ag-security was
>> removed from the push server and replaced by Keycloak:
>> https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>
>> Based on Keycloak examples, I just did copy & paste from one of the demos
>> (https://github.com/abstractj/auth-server/tree/openshift) to create a
>> server. Keycloak requires Resteasy 3.0.4, for this reason I had to manually
>> replace some modules on JBoss.
>>
>> To test it go to: http://push-abstractj.rhcloud.com/ag-push/ you must be
>> redirected to Keycloak, enter:
>>
>> username: john at doe.com
>> password: password
>>
>> You must be redirected to agpush console, keep in mind that I took some
>> shortcuts to get this demo working, so for example the create will fail
>> because I removed everything related into the ember interface.
>>
>> Is also possible to enable TOTP, user’s registration and whatever you
>> want.
>>
>> So what do you think?
>>
>> --
>> abstractj
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140107/067d774f/attachment-0001.html
More information about the aerogear-dev
mailing list