[keycloak-dev] Don't show KEYCLOAK_APPLICATION and KEYCLOAK_IDENTITY_REQUESTER externally

Bill Burke bburke at redhat.com
Thu Nov 14 12:39:53 EST 2013



On 11/14/2013 12:35 PM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 14 November, 2013 5:20:10 PM
>> Subject: Re: [keycloak-dev] Don't show KEYCLOAK_APPLICATION and KEYCLOAK_IDENTITY_REQUESTER externally
>>
>>
>>
>> On 11/14/2013 12:02 PM, Stian Thorgersen wrote:
>>> Ok - I can sort these out.
>>>
>>> By the way I've updated the dist to WildFly + made it use persistent H2 by
>>> default. Once we've got a release somewhere I can quickly modify my
>>> WildFly OpenShift QuickStart to make it easy to get Keycloak up and
>>> running on OpenShift. I haven't looked at configuring SSL by default yet
>>> though, maybe that's something we can push post-M1?
>>>
>>
>> Might be as easy as running keytool within run.sh if the appropriate
>> keystore doesn't exist in the distro.  That was my thinking at least.
>
> That's simpler than my pure-java idea ;)
>
> I was going to create the cert from within KeycloakApplicationServer then setup the https connector at runtime (can be done from a war, but need to find the code for it, had it somewhere but now it's lost).
>
> My reasoning was that I don't have a Windows machine so couldn't test adding this to standalone.bat. Whatever you add to standalone.sh needs to be tested with cygwin as well. In the future we could utilize this to have a required setup page on the admin console, where the admin needs to either upload his own cert or click the auto-generate cert.
>

I work on Windows and can do the Windows part.  I miss OSX, but I wanted 
a gaming laptop with no Linux headaches, so Windows it is.

Another Wildfly/Undertow bug :( Accessing unprotected areas still 
triggers authentication.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list