[aerogear-dev] Using existing Keycloak installation with Aerogear

Bruno Oliveira bruno at abstractj.org
Mon Oct 13 16:32:14 EDT 2014


Thank you guys, a JIRA was created to track the issue:
https://issues.jboss.org/browse/AGPUSH-1047

It will be the next item after user management.

On 2014-10-13, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
> > From: "Bruno Oliveira" <bruno at abstractj.org>
> > To: "AeroGear Developer Mailing List" <aerogear-dev at lists.jboss.org>
> > Sent: Monday, 13 October, 2014 4:38:08 PM
> > Subject: Re: [aerogear-dev] Using existing Keycloak installation with	Aerogear
> >
> > On 2014-10-13, Matthias Wessendorf wrote:
> > > On Mon, Oct 13, 2014 at 4:08 PM, Egor Kolesnikov <
> > > egor.kolesnikov at fastlane-it.com> wrote:
> > >
> > > > Hi Matthias
> > > >
> > > >
> > > >
> > > > I do understand that Aerogear is quite young product and may not have all
> > > > features yet
> > > >
> > >
> > > AeroGear is more, than just its UPS (UnifiedPush Server) - which we are
> > > talking about here :)
> > >
> > >
> > > > – just need to understand your vision of the project to align our further
> > > > development appropriately.
> > > >
> > > >
> > > >
> > > > Having said that, I can see two possible integration options with
> > > > projects
> > > > like ours:
> > > >
> > > > 1.       Aerogear+Keycloak combo used for “all things auth” (this will
> > > > require unlocking master/admin user);
> > > >
> > > moving forward, I'd like us to go there. Again it was just done to limit
> > > the initial scope of the UPS
> > >
> > >
> > >
> > > > 2.       Configuring Aerogear to use external Keycloak installation.
> > > >
> > > we have had discussions about that too. that it should be possible to have
> > > our UnifiedPush Server on one machine, and a standalone keycloak server,
> > > that is used for more. not just UPS
> >
> > I think it makes perfect sense. There are two solutions quick or slow.
> >
> > 1. Quick: enable our developers to make use of not only AeroGear, but
> > create new realms as well. Also, let them, do whatever they want with
> > the admin.
> >
> > 2. Slow (I'm +1 on it). Dettach UPS from Keycloak and use as an external
> > installation. (off course, provide an easy way to install). If we think
> > carefuly, people might want to have 1 server with Keycloak and 4 with
> > UPS or the opposite.
>
> +1000 To option 2. The other option doesn't really make that much sense to me.
>
> >
> >
> > >
> > >
> > >
> > > > Option 1 appears to be the easiest way around, whether Option 2 looks
> > > > like
> > > > the most appropriate solution in the SSO world – as in, there’s still a
> > > > “single” sign-on point which is used by all third-party systems. If I
> > > > understand correctly, this could possibly be as easy as setting up
> > > > auth-server-url property in Aerogear’s keycloak.json so it delegates to
> > > > external Keycloak instance instead of using its “own” one.
> > > >
> > > >
> > > >
> > > > I’m happy to spend some time investigating and experimenting with both
> > > > options.
> > > >
> > > >
> > > >
> > > > Cheers
> > > >
> > > > Egor
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > *From:* aerogear-dev-bounces at lists.jboss.org [mailto:
> > > > aerogear-dev-bounces at lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> > > > *Sent:* Tuesday, 14 October 2014 12:49 AM
> > > >
> > > > *To:* AeroGear Developer Mailing List
> > > > *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> > > > Aerogear
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Oct 13, 2014 at 3:40 PM, Egor Kolesnikov <
> > > > egor.kolesnikov at fastlane-it.com> wrote:
> > > >
> > > > Hi Matthias
> > > >
> > > >
> > > >
> > > > That’s correct – we are already using Keycloak to secure our RESTful APIs
> > > > for mobile and web client access. Not that having separate installation
> > > > for
> > > > exclusive Aerogear is a dealbreaker, but it would re-introduce the
> > > > problem
> > > > Keycloak was supposed to solve in the first place J
> > > >
> > > >
> > > >
> > > > fully understand! But we, initially, felt like limiting a bit. that said,
> > > > we are flexible and there might be a chance to have this changed
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > I can see that UpsSecurityApplication class kills off Keycloak admin user
> > > > in master realm – would it break anything if I disabled this feature and
> > > > started using Aerogear-supplied Keycloak for other purposes on separate
> > > > realms?
> > > >
> > > >
> > > >
> > > > I don't think so (not tested). I recall we did this mainly to avoid
> > > > adding
> > > > new realms
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Our use case is mobile app (iOS+android), backend and AngularJS-based web
> > > > frontend and so far Keycloak fits our purpose like a glove. Now that
> > > > we’re
> > > > adding Push notification support, Aerogear appears to be quite logical
> > > > choice.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > sounds great!
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Thanks
> > > >
> > > > Egor
> > > >
> > > >
> > > >
> > > > *From:* aerogear-dev-bounces at lists.jboss.org [mailto:
> > > > aerogear-dev-bounces at lists.jboss.org] *On Behalf Of *Matthias Wessendorf
> > > > *Sent:* Tuesday, 14 October 2014 12:29 AM
> > > > *To:* AeroGear Developer Mailing List
> > > > *Subject:* Re: [aerogear-dev] Using existing Keycloak installation with
> > > > Aerogear
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > >
> > > >
> > > > for the UnifiedPush Server the initial integration case was to function
> > > > only for the need of the AeroGear UnifiedPush server.
> > > >
> > > >
> > > >
> > > > So, looks like, you'd appreciate a bit more flexibility, to basically use
> > > > the auth-server for other apps as well ?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Oct 13, 2014 at 3:18 PM, ekolesnikov <ek at fastlane-it.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > Apologies for writing straight into DEV forums - I was unable to locate
> > > > "aerogear-users" mailing list anywhere. Please feel free to point me to
> > > > the
> > > > right direction if this mailing list is inappropriate for questions like
> > > > this.
> > > >
> > > > Is it possible to use/integrate Aerogear with existing Keycloak
> > > > installation? We are already using Keycloak for all things auth in our
> > > > application and have found ourselves in the situation where we
> > > > potentially
> > > > have to manage separate infrastructure - which makes the whole point of
> > > > using Keycloak a bit irrelevant.
> > > >
> > > > As an alternative, we could consider using Keycloak supplied with with
> > > > Aerogear - unfortunately, it looks like Aerogear has disabled Keycloak
> > > > option to create additional realms.
> > > >
> > > > I would really appreciate it if you could share your thought on this.
> > > >
> > > > Thanks
> > > > Egor
> > > >
> > > >
> > > >
> > > > --
> > > > View this message in context:
> > > > http://aerogear-dev.1069024.n5.nabble.com/Using-existing-Keycloak-installation-with-Aerogear-tp9440.html
> > > > Sent from the aerogear-dev mailing list archive at Nabble.com.
> > > > _______________________________________________
> > > > aerogear-dev mailing list
> > > > aerogear-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Matthias Wessendorf
> > > >
> > > > blog: http://matthiaswessendorf.wordpress.com/
> > > > sessions: http://www.slideshare.net/mwessendorf
> > > > twitter: http://twitter.com/mwessendorf
> > > >
> > > >
> > > > ------------------------------
> > > >
> > > > <http://www.avast.com/>
> > > >
> > > > This email is free from viruses and malware because avast! Antivirus
> > > > <http://www.avast.com/> protection is active.
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > aerogear-dev mailing list
> > > > aerogear-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Matthias Wessendorf
> > > >
> > > > blog: http://matthiaswessendorf.wordpress.com/
> > > > sessions: http://www.slideshare.net/mwessendorf
> > > > twitter: http://twitter.com/mwessendorf
> > > >
> > > >
> > > > ------------------------------
> > > >    <http://www.avast.com/>
> > > >
> > > > This email is free from viruses and malware because avast! Antivirus
> > > > <http://www.avast.com/> protection is active.
> > > >
> > > >
> > > > _______________________________________________
> > > > aerogear-dev mailing list
> > > > aerogear-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> > > >
> > >
> > >
> > >
> > > --
> > > Matthias Wessendorf
> > >
> > > blog: http://matthiaswessendorf.wordpress.com/
> > > sessions: http://www.slideshare.net/mwessendorf
> > > twitter: http://twitter.com/mwessendorf
> >
> > > _______________________________________________
> > > aerogear-dev mailing list
> > > aerogear-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

--

abstractj
PGP: 0x84DC9914


More information about the aerogear-dev mailing list