[keycloak-dev] Don't show KEYCLOAK_APPLICATION and KEYCLOAK_IDENTITY_REQUESTER externally

[Stian Thorgersen]

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Thursday, 14 November, 2013 5:20:10 PM
> Subject: Re: [keycloak-dev] Don't show KEYCLOAK_APPLICATION and KEYCLOAK_IDENTITY_REQUESTER externally
> 
> 
> 
> On 11/14/2013 12:02 PM, Stian Thorgersen wrote:
> > Ok - I can sort these out.
> >
> > By the way I've updated the dist to WildFly + made it use persistent H2 by
> > default. Once we've got a release somewhere I can quickly modify my
> > WildFly OpenShift QuickStart to make it easy to get Keycloak up and
> > running on OpenShift. I haven't looked at configuring SSL by default yet
> > though, maybe that's something we can push post-M1?
> >
> 
> Might be as easy as running keytool within run.sh if the appropriate
> keystore doesn't exist in the distro.  That was my thinking at least.

That's simpler than my pure-java idea ;)

I was going to create the cert from within KeycloakApplicationServer then setup the https connector at runtime (can be done from a war, but need to find the code for it, had it somewhere but now it's lost).

My reasoning was that I don't have a Windows machine so couldn't test adding this to standalone.bat. Whatever you add to standalone.sh needs to be tested with cygwin as well. In the future we could utilize this to have a required setup page on the admin console, where the admin needs to either upload his own cert or click the auto-generate cert.

> 
> FYI, there is currently a nasty bug in Undertow/Wildfly where the
> JSESSIONID cookie's path is set to '/' and thus sessions (well really 1
> session) are shared between deployed WARs :(  Sort of makes our demo
> undemo-able :)
> 
> Bill
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>