[aerogear-dev] Keycloak integration
Matthias Wessendorf
matzew at apache.org
Wed May 14 03:10:24 EDT 2014
Hello,
here is an update on the integration: Bill did some updates to his example
template and worked on more things inside of Keycloak for a better
integration.
Yesterday, I used his example work and applied it to our UPS:
https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two-war-integration
There is now an 'auth-server' module which produces a WAR (that also
contains an AeroGear theme), to be deployed to the AS:
https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-two-war-integration/auth-server
The 'server' module is using a ContextListener for the configuration work,
instead of the previous keycloak.json file:
https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-two-war-integration/server/src/main/java/org/jboss/aerogear/unifiedpush/keycloak/BootstrapListener.java
Deploying the two WARs (auth before ups) will show the integration
(admin:admin is the initial password).
IMO this is a huge step towards a proper Keycloak integration, but some
items are still open:
- nicer config (using his testrealm.json inside of the auth-server)
- user/roles mgmt
- integration w/ the new UI
- ...
When Bruno is back, the work on this branch will continue.
That's it for now.
-Matthias
On Tue, May 6, 2014 at 11:49 AM, Matthias Wessendorf <matzew at apache.org> wrote:
> Hello folks!
>
> Bill Burke was helping on the Keycloak front and besides fixing related
> items on the Keycloak server, he also created an example that we can use as
> a template for the actual integration. See [1]
>
> In the past, Bruno and I did integrate w/ an external Keycloak server (see
> [2]), and we did include the keycloak.json file (See [3]). Thanks to Bill's
> work on Keycloak, the 'protected app' no longer needs that, see [4].
> Also, there is no longer a need to customize the Keycloak Rest Application
> (Stian and I did look into that as well).
>
>
> Good news: This means the UPS can stay as it is -> no need to change
> internals (e.g. the 'bundle all in one WAR file' did force us to change our
> '/rest' URLs, as Keycloak uses them, see [5]).
>
> Inside of our 'modular' Keycloak branch (see [2] again), we can apply the
> work from Bill:
> * our current 'server' module will use a listener similar to [4]
> * create a "ups-auth" module similar to [6]
>
> On the 'ups-auth module' there is one area where we need to have some
> future improvement:
> * testrealm.json -> needs to be in Java code, due to the URL being
> hard-coded in there (we need to resolve the URL of the host, running the
> bits). But, IMO for now that should be good enough.
>
> Bruno did offer to help out on the Keycloak integration, so that I can go
> back to the analytics and metrics feature. Thanks abstractj!! <3
>
> Greetings,
> Matthias
>
> [1]
> https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups
> [2]
> https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-modular
> [3]
> https://github.com/aerogear/aerogear-unifiedpush-server/blob/keycloak-modular/server/src/main/webapp/WEB-INF/keycloak.json
> [4]
> https://github.com/keycloak/keycloak/blob/master/project-integrations/aerogear-ups/app/src/main/java/org/keycloak/example/BootstrapListener.java
> [5]
> https://github.com/aerogear/aerogear-unifiedpush-server/tree/keycloak-embedded
> [6]
> https://github.com/keycloak/keycloak/tree/master/project-integrations/aerogear-ups/auth-server
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf