[aerogear-dev] Using existing Keycloak installation with Aerogear

Mon Oct 13 10:16:47 EDT 2014

On Mon, Oct 13, 2014 at 4:08 PM, Egor Kolesnikov <
egor.kolesnikov at fastlane-it.com> wrote:

> Hi Matthias
>
>
>
> I do understand that Aerogear is quite young product and may not have all
> features yet
>

AeroGear is more, than just its UPS (UnifiedPush Server) - which we are
talking about here :)

> – just need to understand your vision of the project to align our further
> development appropriately.
>
>
>
> Having said that, I can see two possible integration options with projects
> like ours:
>
> 1.       Aerogear+Keycloak combo used for “all things auth” (this will
> require unlocking master/admin user);
>
moving forward, I'd like us to go there. Again it was just done to limit
the initial scope of the UPS

> 2.       Configuring Aerogear to use external Keycloak installation.
>
we have had discussions about that too. that it should be possible to have
our UnifiedPush Server on one machine, and a standalone keycloak server,
that is used for more. not just UPS

> Option 1 appears to be the easiest way around, whether Option 2 looks like
> the most appropriate solution in the SSO world – as in, there’s still a
> “single” sign-on point which is used by all third-party systems. If I
> understand correctly, this could possibly be as easy as setting up
> auth-server-url property in Aerogear’s keycloak.json so it delegates to
> external Keycloak instance instead of using its “own” one.
>
>
>
> I’m happy to spend some time investigating and experimenting with both
> options.
>
>
>
> Cheers
>
> Egor
>
>
>
>
>
>
>
> *From:* aerogear-dev-bounces at lists.jboss.org [mailto:
> aerogear-dev-bounces at lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> *Sent:* Tuesday, 14 October 2014 12:49 AM
>
> *To:* AeroGear Developer Mailing List
> *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> Aerogear
>
>
>
>
>
>
>
> On Mon, Oct 13, 2014 at 3:40 PM, Egor Kolesnikov <
> egor.kolesnikov at fastlane-it.com> wrote:
>
> Hi Matthias
>
>
>
> That’s correct – we are already using Keycloak to secure our RESTful APIs
> for mobile and web client access. Not that having separate installation for
> exclusive Aerogear is a dealbreaker, but it would re-introduce the problem
> Keycloak was supposed to solve in the first place J
>
>
>
> fully understand! But we, initially, felt like limiting a bit. that said,
> we are flexible and there might be a chance to have this changed
>
>
>
>
>
> I can see that UpsSecurityApplication class kills off Keycloak admin user
> in master realm – would it break anything if I disabled this feature and
> started using Aerogear-supplied Keycloak for other purposes on separate
> realms?
>
>
>
> I don't think so (not tested). I recall we did this mainly to avoid adding
> new realms
>
>
>
>
>
> Our use case is mobile app (iOS+android), backend and AngularJS-based web
> frontend and so far Keycloak fits our purpose like a glove. Now that we’re
> adding Push notification support, Aerogear appears to be quite logical
> choice.
>
>
>
>
>
> sounds great!
>
>
>
>
>
> Thanks
>
> Egor
>
>
>
> *From:* aerogear-dev-bounces at lists.jboss.org [mailto:
> aerogear-dev-bounces at lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> *Sent:* Tuesday, 14 October 2014 12:29 AM
> *To:* AeroGear Developer Mailing List
> *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> Aerogear
>
>
>
> Hi,
>
>
>
> for the UnifiedPush Server the initial integration case was to function
> only for the need of the AeroGear UnifiedPush server.
>
>
>
> So, looks like, you'd appreciate a bit more flexibility, to basically use
> the auth-server for other apps as well ?
>
>
>
>
>
>
>
> On Mon, Oct 13, 2014 at 3:18 PM, ekolesnikov <ek at fastlane-it.com> wrote:
>
> Hi,
>
> Apologies for writing straight into DEV forums - I was unable to locate
> "aerogear-users" mailing list anywhere. Please feel free to point me to the
> right direction if this mailing list is inappropriate for questions like
> this.
>
> Is it possible to use/integrate Aerogear with existing Keycloak
> installation? We are already using Keycloak for all things auth in our
> application and have found ourselves in the situation where we potentially
> have to manage separate infrastructure - which makes the whole point of
> using Keycloak a bit irrelevant.
>
> As an alternative, we could consider using Keycloak supplied with with
> Aerogear - unfortunately, it looks like Aerogear has disabled Keycloak
> option to create additional realms.
>
> I would really appreciate it if you could share your thought on this.
>
> Thanks
> Egor
>
>
>
> --
> View this message in context:
> http://aerogear-dev.1069024.n5.nabble.com/Using-existing-Keycloak-installation-with-Aerogear-tp9440.html
> Sent from the aerogear-dev mailing list archive at Nabble.com.
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
>
> ------------------------------
>
> <http://www.avast.com/>
>
> This email is free from viruses and malware because avast! Antivirus
> <http://www.avast.com/> protection is active.
>
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
>
> ------------------------------
>    <http://www.avast.com/>
>
> This email is free from viruses and malware because avast! Antivirus
> <http://www.avast.com/> protection is active.
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141013/7a4d7fcd/attachment.html 