[keycloak-dev] Branches for the quickstarts

Stan Silvert ssilvert at redhat.com
Fri May 19 12:55:29 EDT 2017


On 5/19/2017 10:05 AM, Marko Strukelj wrote:
> I believe nowadays the tech to use for such multiserver setups would 
> be Docker / OpenShift.
That's good.  I like the OpenShift idea especially.

Then, quickstart just becomes:
1) Spin up a pre-configured QuickStart instance of Keycloak on OpenShift
2) Spin up a pre-configured QuickStart instance of WildFly on OpenShift
3) Download the QuickStart app projects
4) Make your changes to QuickStart apps and upload to OpenShift

>
> On May 19, 2017 14:50, "Stan Silvert" <ssilvert at redhat.com 
> <mailto:ssilvert at redhat.com>> wrote:
>
>     On 5/19/2017 8:29 AM, Stian Thorgersen wrote:
>     > I repeat - Quickstarts are to help people getting started securing
>     > their own applications.
>     >
>     > What you are proposing will not help for that. We don't support
>     > deploying apps directly to Keycloak. It's an SSO solution after all.
>     > So it's just part of it running Keycloak on a different port or
>     host.
>     Also, I don't think I explained very well how this works. There
>     are two
>     completely different servers that just happen to share the same
>     /modules
>     directory:
>
>     /modules
>     /standalone
>     /keycloak
>
>     >
>     > On 19 May 2017 at 14:15, Stan Silvert <ssilvert at redhat.com
>     <mailto:ssilvert at redhat.com>
>     > <mailto:ssilvert at redhat.com <mailto:ssilvert at redhat.com>>> wrote:
>     >
>     >     On 5/19/2017 3:06 AM, Stian Thorgersen wrote:
>     >>     That's rather off topic. Quickstarts is one thing and a
>     >>     demo/example is another thing. Quickstarts is supposed to show
>     >>     you how to get started with securing your apps with Keycloak.
>     >>     What you are proposing is a nice option on just trying out
>     >>     Keycloak, but it doesn't really help users getting started
>     >>     properly with securing their apps.
>     >     I disagree.  It would help tremendously. Right now, to get
>     started
>     >     securing your apps with the help of quickstart you must:
>     >     1) Set up a Keycloak instance and understand that you need
>     to run
>     >     it on port 8180.
>     >     2) Set up a Wildfly instance on port 8080.
>     >     3) Find multiple json files that you need to import to Keycloak
>     >     3.5) If you can't figure out what to import, follow the
>     >     instructions to do Keycloak config by hand.
>     >     4) Create keycloak.json files for each app and put them in the
>     >     proper place.
>     >     5) Do mvn wildfly:deploy for each app you want to run
>     >     6) FIGURE OUT WHAT YOU DID WRONG IN STEPS 1-5
>     >     7) Try modifications to the quickstart apps so you can get an
>     >     ideas about how you will secure your own apps
>     >     8) Deploy your modifications
>     >
>     >     What I propose is that we get rid of steps 1 through 6.
>     >     Quickstart doesn't help if you can't get to steps 7 and 8
>     "quickly".
>     >
>     >
>     >>
>     >>     On 18 May 2017 at 20:59, Stan Silvert <ssilvert at redhat.com
>     <mailto:ssilvert at redhat.com>
>     >>     <mailto:ssilvert at redhat.com <mailto:ssilvert at redhat.com>>>
>     wrote:
>     >>
>     >>         What we really need for the quickstarts is something
>     Bill has
>     >>         been
>     >>         talking about for a long time.
>     >>
>     >>         It's a bundle of Keycloak and examples that just boots
>     up and
>     >>         works.
>     >>         Otherwise, the quickstarts are way too hard to get running.
>     >>         Nobody
>     >>         wants to spend 2 or 3 hours on a "quickstart". That's
>     what I
>     >>         had to do
>     >>         recently and I already know what's going on.  I hate to
>     think
>     >>         about what
>     >>         someone new to Keycloak needs to go through just to see an
>     >>         example.
>     >>
>     >>         This doesn't have to mean that everything runs in the same
>     >>         WildFly
>     >>         instance like the old demo dist.  The problem with that was
>     >>         that it
>     >>         didn't show Keycloak set up as a stand-alone server.
>     >>
>     >>         What you need is a single bundle that lets you run Keycloak
>     >>         standalone
>     >>         and a standalone app server.  I see a couple of ways to
>     do it:
>     >>         1) Use domain mode where you get a domain controller,
>     >>         Keycloak instance,
>     >>         and app server instance all in the same JVM.
>     >>         2) Use two separate server configs and run in two JVM's.
>     >>
>     >>         I think #2 is the best.  The Keycloak instance runs on port
>     >>         8180 and the
>     >>         app server runs on 8080.  You only need one download of
>     >>         WildFly/Keycloak, but you package it with two configs.  So
>     >>         you have:
>     >>         /bin
>     >>         /modules
>     >>         /domain (don't actually need this one)
>     >>         /standalone
>     >>         /keycloak
>     >>
>     >>         To run Keycloak (preloaded with quickstart realm):
>     >>          > standalone --server-config=keycloak
>     >>         -Djboss.socket.binding.port-offset=100
>     >>
>     >>         To run app server (preloaded with quickstart apps):
>     >>          > standalone
>     >>
>     >>
>     >>
>     >>         On 5/18/2017 1:59 PM, Bruno Oliveira wrote:
>     >>         > Hmmm I'm not sure about that. That would be the
>     completely
>     >>         opposite of what
>     >>         > we already do to any repository today. If people want the
>     >>         stable release of
>     >>         > the quickstarts they could just get 3.x or download
>     the zip
>     >>         files, nope?
>     >>         >
>     >>         > On Thu, May 18, 2017 at 2:15 PM Sebastien Blanc
>     >>         <sblanc at redhat.com <mailto:sblanc at redhat.com>
>     <mailto:sblanc at redhat.com <mailto:sblanc at redhat.com>>> wrote:
>     >>         >
>     >>         >> We should also consider the opposite : master is the
>     >>         stable released
>     >>         >> version and a branch for development . I already had
>     >>         confused people
>     >>         >> downloading KC server and cloning the QuickStarts and
>     >>         expecting it to work.
>     >>         >> But tbh I do not have a string opinion on that.
>     >>         >> Le jeu. 18 mai 2017 à 18:57, Bruno Oliveira
>     >>         <bruno at abstractj.org <mailto:bruno at abstractj.org>
>     <mailto:bruno at abstractj.org <mailto:bruno at abstractj.org>>> a
>     >>         >> écrit :
>     >>         >>
>     >>         >>> While working today on the fix of some quickstarts. I'm
>     >>         >>> considering to create a separated branch only for
>     stable
>     >>         versions of the
>     >>         >>> quickstarts.
>     >>         >>>
>     >>         >>> In this way 'master' would be used only for development
>     >>         based on the
>     >>         >>> latest bits from Keycloak repo. And 3.1.x, to the
>     latest
>     >>         stable
>     >>         >>> release on Maven central.
>     >>         >>>
>     >>         >>> Does it make any sense?
>     >>         >>>
>     >>         >>> --
>     >>         >>>
>     >>         >>> abstractj
>     >>         >>>
>     >>         >> _______________________________________________
>     >>         >>> keycloak-dev mailing list
>     >>         >>> keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>
>     >>         <mailto:keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>>
>     >>         >>>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>     >>         <https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>>
>     >>         >>>
>     >>         > _______________________________________________
>     >>         > keycloak-dev mailing list
>     >>         > keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>
>     >>         <mailto:keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>>
>     >>         > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>     >>         <https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>>
>     >>
>     >>         _______________________________________________
>     >>         keycloak-dev mailing list
>     >> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     >>         <mailto:keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>>
>     >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>     >>         <https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>>
>     >>
>     >>
>     >
>     >
>
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>     <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>



More information about the keycloak-dev mailing list