[keycloak-dev] application configuration idea
Bill Burke
bburke at redhat.com
Fri Sep 20 10:19:13 EDT 2013
This is what an application configuration file looks like:
{
    "realm" : "demo",
    "resource" : "product-portal",
    "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADC",
    "auth-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/login",
    "code-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes",
    "ssl-not-required" : true,
    "credentials" : {
        "password" : "password"
    }
}
Notice that the credentials are in clear text. Admins will dislike this
tremendously. What I propose is that you must obtain the application
configuration file from the admin console. The configuration file would
be encrypted using a hash of a password specific to the application.
The config file would then look something like this:
{
    "realm" : "demo",
    "encryptedConfig" : "MIGMA0GCSqGS..."
}
Then, your server instance must be booted up via a system property or
environment variable, i.e.:
standalone.sh -Dkeycloak.myrealm.password=geheim
The keycloak plugin would then decrypt the application config file based
on this password.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com