[keycloak-dev] Required fields?

ssilvert at redhat.com ssilvert at redhat.com
Thu Dec 12 16:01:13 EST 2013 

On 12/12/2013 3:14 PM, Bill Burke wrote:
> Are you doing it like PL had it and specifying the WAR name?
It's the deployment name, which is usually the same as the WAR name. 
It's the same idea as PL's subsystem.  At deployment time, we
dynamically add everything you would normally need to specify inside the
deployment.

I'm focusing on WildFly for now.  Any ETA on when that will be ready?

I can do EAP6 if you think it's a must-have.  If we support EAP6 we will
not be able to manage the subsystem from the Keycloak admin console. 
The only way you would be able to do it is by editing
standalone.xml/domain.xml, or issuing CLI commands.

With WildFly we will (hopefully) have CORS support and we can manage the
subsystem from the Keycloak admin console.

Thanks for the explanation of the attributes.  All that looks good.

I'm not sure what to do about the RestEasy client.  How is creation and
sharing of the client done today?
>   There's 
> really two sets of config:
>
> Realm config (* if required):
>
> realm*
> realm-public-key*
> auth-url*
> code-url*
> ssl-not-required
> allow-any-hostname
> disable-trust-manager
> truststore (* if ssl and disable-trust-manager not set)
> truststore-password (* if ssl and disable-trust-manager not set)
> connection-pool-size
>
>
> Application config:
>
> resource
> use-resource-role-mappings
> credentials
> bearer-only
>
> Could be defined in both places to provide a default value (realm level) 
> and override (app level)
>
> enable-cors
> client-keystore
> client-keystore-password
> client-key-password
> cors-max-age
> cors-allowed-headers
> cors-allowed-methods
> expose-token
>
> Also a ResteasyClient (or Apache Http Client) should be created per 
> realm or per Wildfly/EAP instance and shared by each application. 
> There's also some refactoring that needs to be done here.  i.e. 
> auth-url/code-urls should be combined into a realm url.
>
> FYI, I'm about to refactor AS7/EAP adapter to either use an older 
> version of Resteasy or Apache HTtp Client.  I don't want to required 
> patching Resteasy to 3.0.5 for AS7/EAP applications.
>
>
>
>
> On 12/12/2013 2:40 PM, ssilvert at redhat.com wrote:
>> I'm working on letting the user specify the keycloak.json attributes
>> from the keycloak subsystem.  Each attribute in ManagedResourceConfig
>> becomes something you can change by editing standalone.xml or using CLI.
>>
>> I just need to know which attributes required for a keycloak deployment.
>> https://raw.github.com/keycloak/keycloak/master/core/src/main/java/org/keycloak/adapters/config/ManagedResourceConfig.java
>>
>> >From the code in ManagedResourceConfigLoader, it looks like the required
>> fields are:
>> realm
>> resource
>> realm-public-key
>> auth-url
>> code-url
>>
>> Is that correct?
>>
>> Stan
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>

More information about the keycloak-dev mailing list