[keycloak-user] Best practices for building appliances
Marek Posolda
mposolda at redhat.com
Tue Feb 3 04:08:58 EST 2015
On 2.2.2015 13:26, Juraci Paixão Kröhling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> In our project, we plan to have a distribution where we ship our
> application with a Wildfly bundled, a la Keycloak Appliance.
>
> My main concern is shipping our distribution with a default pair of
> realm keys or with a pre-filled database. I know it's possible to
> import a realm on the first boot and KC will generate the required
> keys if they are missing from the imported JSON template, but as we
> are shipping our own WAR, we would need to get the public key into our
> application's keycloak.json (or subsystem) before it gets deployed.
For public realm key, you don't need to specify it in keycloak.json. In
that case, the adapter downloads public key from keycloak auth-server
during first HTTP request (see AdapterDeploymentContext.resolveRealmKey).
I guess this won't solve all your issues, but maybe it will help a
little bit ;)
Marek
>
> I wonder if this is a common situation and what would be the best
> practices for such case. I think Stian mentioned before that a future
> version of KC would allow auto registration of applications, but until
> that is available, I'd be interested in hearing your experiences about it.
>
> Another situation is for a contributor of the project or for users who
> would want to build from the source: what would be the best practice
> for generating new keys at each build? If there's no easy solution for
> that now, I'd be interested in building a "keycloak-cli" utility that
> would generate realm and application JSON files, possibly with a Maven
> plugin wrapper to make it easier to consume from maven projects. Would
> something like that be interesting for the project?
>
> Best,
> Juca.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUz20DAAoJEDnJtskdmzLMbUYH/A0bclPFHI5FhL85lAXUrJ+a
> DT0PLdm9nMSzCJS23Auey4XSfk3YMxaGqve0yiEAstkfkro4AsPsvmQz1H/zyyUX
> csZduMlo8zzXox1n0uK8Mz95dnikSMD4MzAqXM3g8l3a7ORiw25Gg51REBMOJPUL
> YzX0qRQlEq+MDCJw/L0G5KUZWqmrCYy5GpJ8e3wibK/MzPg/vhs7KLgxr0jh8Eee
> gjlG/H4K37crDZrRE2ILGi7xV6GZYTw6AKgm03QFqt0/9HluJFcU9vPUs4JWMKfu
> O7Nf4qQ7OJWnVijepQ1Jdcg7uRnX1a019v0kbIZT3g6YSoYT6nCRow9kCEQ0DGo=
> =wYHW
> -----END PGP SIGNATURE-----
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list