[keycloak-dev] WildFly integration (READ ME!)

Fri Feb 20 10:05:00 EST 2015

On 02/19/2015 03:32 AM, Stian Thorgersen wrote:
> No comments?!
Peanut gallery chiming in; you asked for it ;)

I am not a WildFly developer or administrator.  So read this email as 
the opinions of a talented developer who loves the hell out of using 
KeyCloak and WildFly and sings its praises from the roof tops but has no 
idea what you are talking about.
>
> ----- Original Message -----
>> From: "Stian Thorgersen" <stian at redhat.com>
>> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
>> Sent: Tuesday, February 3, 2015 10:08:50 AM
>> Subject: [keycloak-dev] WildFly integration (READ ME!)
>>
>> All,
>>
>> We have a few decisions to make in the not so far future. I'm away from
>> Thursday, so let's have a hangout when I get back on the 17th February if
>> that works for everyone.
>>
>> The list of things to discuss includes:
>>
>> * Drop keycloak-server.json - Should we drop our own configuration file and
>> use DMR (standalone.xml)
If on day one enabling KeyCloak in my project was any more complicated 
than dropping a pregenerated file into my WEB-INF directory I would have 
closed the project and never looked back.  -1

>>
>> * Keycloak CLI - Should we create our own or use WildFly CLI
On the one hand the wildfly CLI is black magic.  On the other hand it is 
really well done black magic.  It is very hard to do CLIs well so I 
would like to see the wildfly CLI be used.
>>
>> * Admin operations exposed over DMR - Should we expose none, some or all
>> admin operations over DMR? If we expose all should we deprecate the current
>> REST endpoints?
Is DMR the thing that puts stuff in the WildFly admin UI (I tried to 
read the google result for "wildfly DMR" but it quickly turned into 
turtles all the way down)?

In my experience I don't LIKE using the WildFly admin UI, I would rather 
use the CLI, scripts, etc.  I haven't used the KeyCloak REST endpoints 
and keeping them just increases the attack surface.
>>
>> * Packaging/distribution - How do we distribute Keycloak? Options:
>>    - Full WildFly
>>    - Core/web WildFly
>>    - Overlay/installer/feature-pack to install to existing WF and EAP
>>    - WAR bundle
How about a shell script that examines a WF install directory and does 
all the magic for me or aDocker container?

In general I have not liked the experience of having wildfly bundled 
with a product.  It tends to mess with other servers I have installed 
and be a general PITA to maintain for anything more than the most 
trivial of demos.
>>
>> * How should we deal with providers, themes and keycloak-server.json in
>> domain-mode
>>
>> * MSC all the way - We can deploy directly through the Undertow sub-system
>> instead of deploying a WAR from the sub-system
What is MSC?
>>
>> * Split sub-systems - Should we split the sub-system in two? One for the
>> auth-server and another for the adapter
What are the trade offs?  What will using KeyCloak look like from my POV 
if we split?
>>
>> * Deployable to other containers - Should it be possible to deploy Keycloak
>> to Tomcat, Jetty, Fuse, etc..? One option could be to have reduced features
>> in other containers (for example no client-cert)
The awesomeness of WildFly has forever made web containers look 
insignificant to me.  If Glassfish still had a community edition worth a 
damn I would say target it as well.  I don't know how TomEE is but that 
may be good to support just for a "first one's free" to get people into 
WildFly land.

I don't think Websphere or WebLogic support has ever gotten anyone 
excited about a project.  Honestly they are the technology equivalent of 
taking a cold shower with grandma.
>>
>> Please add any other relevant topics.
>>
>> Next big discussion I want to have is about distribution of adapters, but
>> let's do one at a time ;)
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


-- 
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.