[keycloak-dev] Aerogear UPS + External Keycloak boostrap
Matthias Wessendorf
matzew at apache.org
Fri Feb 7 03:01:05 EST 2014
Hi,
On Fri, Feb 7, 2014 at 3:15 AM, Bill Burke <bburke at redhat.com> wrote:
> We still need to figure this out.
>
> Can't port mappings be set up from the cartridge config so the
> as7/wildfly mgmt HTTP interface can be exposed? There's also a problem
> of setting up credentials for the as7/wildfly HTTP mgmt service. Quite
> honestly, I'm not sure how we can use a Wildfly subsystem for this.
>
>
I am also not really sure on this, atm.
I started looking into this a bit this week, but didn't make real progress.
Next week I will continue;
> We just might have to build support for all this within the keycloak
> adapter itself. Allow it the ability to modify the keycloak.json file.
> Then you only have one Aerogear UPS + Keycloak cartridge.
>
> 1. UPS would use a preconfigured co-bundled Keycloak for initial login
> 2. Initial login would require you to change the admin password
> 3. UPS Admin page allows you to switch Keycloak realms.
> 4. Switching a realm automatically creates the UPS Application on the
> new Keycloak realm. It also rewrites the keycloak.json file, and also
> modifies the adapter's runtime config.
>
> Am I making any sense?
>
That would be for a bundled integration, where everything runs
out-of-the-box, right?
I believe this does make sense, and would be a good starting point.
I am not yet sure on the 'external' case - e.g. where one company has a
single Keycloak server, and several apps
pointing to it. If the org. than wants to run the UPS w/ against that
keycloak as well, they would have to open the WAR and start editing some
files.
-Matthias
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140207/bfaf87f7/attachment.html
More information about the keycloak-dev
mailing list