[keycloak-dev] Programatic configuration
Bill Burke
bburke at redhat.com
Tue Nov 25 08:15:59 EST 2014
On 11/25/2014 7:50 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bruno Oliveira" <bruno at abstractj.org>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
>> Sent: Tuesday, 25 November, 2014 1:29:24 PM
>> Subject: Re: [keycloak-dev] Programatic configuration
>>
>> On 2014-11-25, Stian Thorgersen wrote:
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Bruno Oliveira" <bruno at abstractj.org>
>>>> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
>>>> Sent: Tuesday, 25 November, 2014 12:22:22 PM
>>>> Subject: [keycloak-dev] Programatic configuration
>>>>
>>>> Good morning, we've been discussing the following workflow on AeroGear:
>>>>
>>>> First time
>>>>
>>>> 1. Developer create an UPS instance on OpenShift
>>>> 2. Visit https://myups-abstractj.rhcloud.com/ag-push
>>>> 3. The application automagically redirect to the configuration page the
>>>> with
>>>> options default or Custom — where default make use of the embbeded
>>>> Keycloak on UPS and custom our developer would be able to specify
>>>> another Keycloak instance (http://andresgalante.com/configuration/)
>>>> 4. App changes the keycloak.json/ups-realm.json file based on the URL
>>>> provided.
>>>>
>>>> Second time
>>>>
>>>> 1. Visit https://myups-abstractj.rhcloud.com/ag-push
>>>> 2. The application check if some configuration already exists (default
>>>> or custom)
>>>> 3. Redirect users to UPS login page or Keycloak login page. It pretty
>>>> much depends.
>>>>
>>>> I would like to programatically change (via Java) `ups-realm.json`,
>>>> `keycloak.json`
>>>> and `admin-ui-keycloak.json`. See
>>>> https://github.com/abstractj/aerogear-unifiedpush-server/commit/e8fc8461fea69801cc495127a88aff05a55c68cd#diff-356b0e49e775810162fd2be9110bb5f4R3
>>>>
>>>> Possible alternatives off the top of my head:
>>>>
>>>> 1. Read/manipulate JSON files from the database and provide
>>>> `keycloak.json`
>>>> and
>>>> `admin-ui-keycloak.json` as a resource like Keycloak team did for
>>>> JavaScript
>>>> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/JsResource.java
>>>> 2. Dinamically generate to a shared place on WildFly `keycloak.json` and
>>>> `admin-ui-keycloak.json` files.
>>>>
>>>> Do you have a better idea?
>>>
>>> Is it only the auth-server url you're changing? keycloak.json supports
>>> system properties so you can use for example { "auth-server" :
>>> "${keycloak.url}" }. If you do that you don't have to rewrite the file at
>>> all.
>>
>> Yes! That's gorgeous! Am I supposed to define it during the bootstrap?
>> For ups-realm.json file, I'm considering to make use of
>> AdapterDeploymentContext like we did in the past, because the redirect
>> url must dinamically change
>> https://github.com/abstractj/aerogear-unifiedpush-server/commit/e8fc8461fea69801cc495127a88aff05a55c68cd#diff-b8df82f22499b0118c37e0e363c4342aR80
>
> How would AdapterDeploymentContext work for a remote KC server?
>
> In the past I had an idea of adding support for server aliases, so you could for example do "http://${ups}/ag-push" as the redirect-uri in KC. Then we could provide some easy way to manage server-aliases, even allowing it to resolve to one or more urls.
>
The idea was that the UPS mgmt console would allow you to specify a
remote keycloak URL. It would store this URL, then update the
AdapterDeploymentContext at runtime.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list