[keycloak-dev] [wildfly-dev] Including Keycloak client adapters in WildFly 10

Stian Thorgersen stian at redhat.com
Mon Jul 13 10:34:13 EDT 2015 

----- Original Message -----
> From: "Jason Greene" <jason.greene at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>, wildfly-dev at lists.jboss.org
> Sent: Tuesday, 7 July, 2015 11:19:52 PM
> Subject: Re: [wildfly-dev] Including Keycloak client adapters in WildFly 10
> 
> 
> > On Jul 3, 2015, at 6:40 AM, Stian Thorgersen <stian at redhat.com> wrote:
> > 
> > Keycloak provides an adapter, including a WildFly extensions, to make it
> > easier to add authentication to JavaEE applications with Keycloak.
> 
> Sorry for my delay replying. Comments are inline:
> 
> > 
> > It includes a few modules. Currently 8 Keycloak specific modules and one 1
> > third-party. The third-party is net.iharder.base64.
> 
> We already have many Base64 implementations. It’s pretty easy to pull one in
> with cut and paste. Java 8 also provides one, so that could be used.

We can copy/paste it, but would it not be better to include one Base64 lib in WildFly than have everyone have their own?

> 
> > 
> > As the WildFly extensions includes a deployment processor that configures
> > the authentication method as well as dependencies for a deployment it's
> > easy to add authentication to a JavaEE application. All you need to do is
> > specify it in standalone.xml, for example:
> > 
> >  ...
> >  <secure-deployment name="mywar.war”>
> 
> I’m assuming that the DUPs you register match the deployment name with this
> key, and then modify the app configuration?

Yep

> 
> >    <realm>myrealm</realm>
> >    <realm-public-key>MIIBIjAN...</realm-public-key>
> >    <auth-server-url>http://localhost:8081/auth</auth-server-url>
> >    <ssl-required>EXTERNAL</ssl-required>
> >    <resource>mywar</resource>
> >    <credential
> >    name="secret">675356d8-2b6b-4602-a74f-7079e0555885</credential>
> 
> You probably already did this, but such an attribute should support vault
> usage as well so that credentials can be kept out of configs.

No, pretty sure we don't, but we should

> 
> >  </secure-deployment>
> >  ...
> > 
> > I'd like to explore if we can add this extension and the required modules
> > directly to WildFly 10, rather than require users to add it themselves.
> 
> Can you sync up with the elytron team? They are making other changes in this
> area, which are not yet in 10, and I want to make sure thats all compatible.

Will do, we need to have a sync with them asap in either case to make sure the Elytron SPIs cover all use-cases we need.

> 
> --
> Jason T. Greene
> WildFly Lead / JBoss EAP Platform Architect
> JBoss, a division of Red Hat
> 
> 
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev

More information about the keycloak-dev mailing list