[aerogear-dev] Keycloak on AeroGear
Matthias Wessendorf
matzew at apache.org
Sun Jan 26 07:41:04 EST 2014
Hello Bruno,
On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> Any specific reason to limit the scope to admin page only? I'm thinking
> about login for regular users
Not sure I follow. What do you mean w/ "regular users"?
Before my change very thing was restricted by Keycloak (/*). I did not
really change there a lot, however I just removed the URLs for
'device-registration' and 'sending':
https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50
So, currently the following is protected by Keycloak:
* Admin UI (not speaking about a specific admin user)
* REST APIs that are accessed by the Admin UI, like:
- http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/
- http://aerogear.org/docs/specs/aerogear-push-rest/Variants/
Perviously the 'device-registration' and 'sending' URL were protected as
well. Removing them from the 'keycloak protection' is really the only change
Greetings,
Matthias
> —
> abstractj
>
>
> On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <matzew at apache.org>wrote:
>
>> Hello!
>>
>> I have a few more updates:
>>
>> On my branch (a fork from Bruno's branch), the URLs for the actual
>> sending and the device-registration (both 'protected' via HTTP-Basic), now
>> work again. I have 'limited' the scope of the Keycloak 'protection' to the
>> AdminUI.
>>
>> Greetings,
>> Matthias
>>
>>
>>
>> On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <matzew at apache.org>wrote:
>>
>>> I have updated the branch w/ their recent changes from this weeks
>>> alpha-1 release, and submitted a PR against abstractj's repo:
>>> https://github.com/abstractj/aerogear-unifiedpush-server/pull/1
>>>
>>> More to come
>>>
>>> Greetings,
>>> Matthias
>>>
>>>
>>>
>>> On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <bruno at abstractj.org>wrote:
>>>
>>>> Good morning peeps, yesterday I started to replace AeroGear Security on
>>>> Unified Push server by Keycloak and you might be asking: “Why?”. Keycloak
>>>> is a SSO with some handy features like TOTP, OAuth2, user management
>>>> support and I think we have too much to contribute, is the only way to have
>>>> some success with security, “divide to conquer" (at least for authorization
>>>> and authentication).
>>>>
>>>> So will ag-security be discontinued? No! Keycloak is still on Alpha and
>>>> we have to test it against our projects before fully replace ag-security,
>>>> but the only way to upstream our needs, is to using it.
>>>>
>>>> This replacement only applies to authentication/authorization features,
>>>> we still have a ton of projects which Keycloak is not able to replace like:
>>>> TOTP, crypto and OAuth2 on mobile, our focus.
>>>>
>>>> - PoC
>>>>
>>>> So let’s talk about this replacement, any dependency on ag-security was
>>>> removed from the push server and replaced by Keycloak:
>>>> https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift
>>>>
>>>> Based on Keycloak examples, I just did copy & paste from one of the
>>>> demos (https://github.com/abstractj/auth-server/tree/openshift) to
>>>> create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to
>>>> manually replace some modules on JBoss.
>>>>
>>>> To test it go to: http://push-abstractj.rhcloud.com/ag-push/ you must
>>>> be redirected to Keycloak, enter:
>>>>
>>>> username: john at doe.com
>>>> password: password
>>>>
>>>> You must be redirected to agpush console, keep in mind that I took some
>>>> shortcuts to get this demo working, so for example the create will fail
>>>> because I removed everything related into the ember interface.
>>>>
>>>> Is also possible to enable TOTP, user’s registration and whatever you
>>>> want.
>>>>
>>>> So what do you think?
>>>>
>>>> --
>>>> abstractj
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog: http://matthiaswessendorf.wordpress.com/
>>> sessions: http://www.slideshare.net/mwessendorf
>>> twitter: http://twitter.com/mwessendorf
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140126/59a573a1/attachment.html
More information about the aerogear-dev
mailing list