[keycloak-dev] changes to admin ui login/bootstrap

Bill Burke bburke at redhat.com
Fri Oct 18 12:49:51 EDT 2013



On 10/18/2013 12:15 PM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 17 October, 2013 11:30:08 PM
>> Subject: Re: [keycloak-dev] changes to admin ui login/bootstrap
>>
>>
>>
>> On 10/17/2013 4:42 AM, Stian Thorgersen wrote:
>>> I strongly feel this is a mistake. We need to find a way to make the admin
>>> console use Keycloak without any hacks. In my opinion the admin console
>>> should use keycloak.js as it's a client-side application. For client-side
>>> applications the credentials should be public so they can just be
>>> pre-configured to a well-known string.
>>>
>>> Safety of client-side applications is provided by two things: firstly the
>>> application credentials themselves don't give you any privileges, secondly
>>> the redirect uri should be verified by Keycloak preventing unauthorized
>>> use of the credentials.
>>>
>>> If we can't come up with a good and safe approach to using Keycloak with
>>> HTML5 and mobile applications the project is a huge fail! If we're not
>>> using it directly ourselves for our HTML5 console that doesn't sound right
>>> to me.
>>>
>>
>> #1  I want Keycloak ready to use out of the box and be as secure and
>> locked down as possible.  This requirement may or may not affect the
>> implementation of the admin ui or admin REST interfaces.
>>
>> #2 We don't support CORS yet so doing keycloak.js approach is not an
>> option at the moment.  I'm going to tackle that now as I don't think it's
>> that much work and this would be a really cool core feature.
>
> I've already started work on keycloak.js + CORS support. As I mentioned on our Hangout, having a good way to support HTML5 applications is a strong requirement for MBaaS, so that is something I'm looking at now.
>

Would be good to know what you're doing for this.  This requires support 
at multiple layers to support it as a core keycloak feature.  I've done 
most of the work, just have the admin UI left.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
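
The redirect URI verification that the thread relies on for public client-side credentials, together with a matching CORS origin check, as an added example that is not part of the original messages and is not Keycloak's code. The client id, URIs and function names are hypothetical.

```javascript
// Added example: server-side checks for a public (browser) client.
// Client id, URIs and function names are hypothetical, not Keycloak's.
const REGISTERED_REDIRECTS = new Map([
  ["html5-console", ["https://console.example.test/app/callback"]],
]);

// Accept a redirect_uri only if it exactly matches a registered one.
function verifyRedirectUri(clientId, candidate) {
  const registered = REGISTERED_REDIRECTS.get(clientId);
  if (!registered) return { ok: false, reason: "unknown client" };
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // user@host forms make a different host look like the registered one.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  // OAuth 2.0 (RFC 6749) forbids a fragment in the redirect URI.
  if (candidate.includes("#")) return { ok: false, reason: "fragment" };
  // URL parsing has already resolved "..", default ports and host case,
  // so comparing normalized hrefs is an exact match, not a prefix match.
  const match = registered.some((r) => new URL(r).href === url.href);
  return match
    ? { ok: true, reason: "registered" }
    : { ok: false, reason: "not registered" };
}

// CORS: allow only origins that host a registered redirect URI.
function isAllowedOrigin(clientId, originHeader) {
  const registered = REGISTERED_REDIRECTS.get(clientId) || [];
  if (!originHeader || originHeader === "null") return false;
  return registered.some((r) => new URL(r).origin === originHeader);
}
```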

