[keycloak-dev] add-user.sh overwrites wildfly one

Ilya Rum irum at redhat.com
Sat Apr 23 09:06:59 EDT 2016


Hello!

As a new member of the Keycloak QA team I recently had to set up some
clustering with domain mode.
I was really confused when add-user.sh did not add a user to JBoss but
rather created the keycloak-add-user.json.
The worst thing was that I couldn't find any docs on adding a user to the
underlying EAP at all.
I had to read add-user.sh itself to find out what was happening.
Even if it remains as it is, it really should at least be mentioned in
the docs :)

Have a nice day!
Ilya Rum.

On Sat, Apr 23, 2016 at 08:48:15AM -0400, Bill Burke wrote:
> Do you care about usability at all?  Not everything can fit into nice little
> boxes all the time.  This is going to be extremely confusing for users.  I
> ran into it myself as I thought the jboss add-user.sh script was overwritten
> by our distribution script by mistake.  *OF COURSE* we should have a
> separate add-user.sh script. Even when, hopefully, JBoss can delegate to
> Keycloak in maybe 7.1. If we are going to leverage the JBoss platform, and
> this means the JBoss documentation too, every management function that
> exists in JBoss should be available in Keycloak and *WORK THE SAME WAY*.  If
> we don't change this, we're going to get a ton of support questions that
> say: "Why doesn't add-user.sh work?"
> 
> 
> 
> On 4/23/2016 1:29 AM, Stian Thorgersen wrote:
> >
> >In the future we need to secure the underlying WildFly with rhsso. In
> >which case our add-user will add users for both Keycloak and WildFly/EAP.
> >
> >IMO there's going to be confusion until the above is solved no matter what
> >we do. We'll need to document this whichever way we do it. Options are
> >stay with what we have or rename our script. My vote goes to keep as is
> >and document it. Then hopefully by 7.1 we can secure the WildFly bits so
> >the problem goes away. With the other option (rename ours) there will be a
> >problem once WildFly bits are secured by Keycloak as now the wf add-user
> >script should no longer be used and completely removed at which point we
> >should then rename it back. So in the long run sticking with how it is
> >today is ideal. It's also way too late to make changes now. BTW this has
> >been around for months.
> >
> >On 22 Apr 2016 22:14, "Bill Burke" <bburke at redhat.com> wrote:
> >
> >
> >
> >    On 4/22/2016 3:57 PM, Marek Posolda wrote:
> >    > That's the question...
> >    >
> >    > For server distribution, we also have our stuff (keycloak subsystem,
> >    > datasource, infinispan etc.) directly declared in "standalone.xml". On
> >    > the other hand, for overlay distribution, we don't want to directly
> >    > update default "standalone.xml", so we are adding our own
> >    > "standalone-keycloak.xml". Isn't it quite a similar thing?
> >    >
> >
> >    Product will not have the overlay distribution.
> >
> >    > We can do the same for overlay and server distribution, so never edit
> >    > default wildfly files (standalone.xml, add-user.sh), but always use
> >    > our own versions with "-keycloak" suffix. The advantage is that it is
> >    > more consistent. However people will need to always start keycloak
> >    > server with "./standalone.sh -c standalone-keycloak.xml" then. Doesn't
> >    > it suck from the usability perspective?
> >    >
> >
> >    The overlay exists because we can't distribute EAP within community.
> >    Keycloak should be run as a separate server, so, IMO, -keycloak.xml
> >    files should go away and overwrite standalone.xml, standalone-ha.xml
> >    and domain.xml
> >
> >    > I honestly don't know what's the best way regarding usability. AFAIK
> >    > this was decided on mailing lists a couple of months ago, but don't
> >    > remember the exact threads...:/
> >    >
> >
> >    I'm pretty adamant about this.  There will be a huge amount of
> >    confusion if we don't make this separation.  Wildfly/JBoss and
> >    Keycloak are hard enough to configure as it is.
> >
> >
> >    --
> >    Bill Burke
> >    JBoss, a division of Red Hat
> >    http://bill.burkecentral.com
> >
> >    _______________________________________________
> >    keycloak-dev mailing list
> >    keycloak-dev at lists.jboss.org
> >    https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> 
> -- 
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
