4 Replies Latest reply on Sep 8, 2014 2:04 PM by mposolda

    Separate Keycloak Server

    peterson.dean
    peterson.dean Sep 1, 2014 10:36 AM

      You use Keycloak for authentication. I am quite familiar with that project and I already have an existing keycloak server. It looks like you have integrated with the keycloak admin console itself. I want to keep up to date with the latest keycloak updates and use my own separate keycloak server. What is the best way to do that with Liveoak?

        • 1. Re: Separate Keycloak Server
          kenfinni
          kenfinni Sep 2, 2014 6:34 AM (in response to peterson.dean)

          At the moment there isn't a way to specify your own keycloak server for LiveOak to use.

           

          [LIVEOAK-310] Update KeycloakServerApplication to take system parameters - JBoss Issue Tracker somewhat covers what your asking, and it is definitely something we need to be able to support.

           

          In the meantime, it might be possible to use your own keycloak simply by changing the following:

           

          liveoak/keycloak.json at master · liveoak-io/liveoak · GitHub

          liveoak/client.js at 2f538472053fb8c155df01fb2bacb5d1f079e2f9 · liveoak-io/liveoak · GitHub

           

          You would be more than welcome to submit a pull request that makes this possible!

           

          Hope the above helps in the mean time.

            • Actions
          • 2. Re: Separate Keycloak Server
            peterson.dean
            peterson.dean Sep 2, 2014 2:01 PM (in response to kenfinni)

            Thanks for the response!  I Will give your suggestions a try.  I did ask a similar question in the Keycloak user email list and received this response from Stian:

             

            "To make LiveOak as easy as possible to use we wanted it to work out of the box, so we include a ready bootstrapped Keycloak.

             

            It's quite easy to remove the bootstrap Keycloak server and use your own. Marek is going to upgrade Keycloak in LiveOak soon and he'll add some documentation on how to use an external Keycloak server."   - Stian



            They may end up suggesting the same things you have already.

              • Actions
            • 3. Re: Separate Keycloak Server
              peterson.dean
              peterson.dean Sep 3, 2014 10:41 PM (in response to kenfinni)

              The client.js file does take options but it seems that would only affect client side applications I am writing later on.  I did try changing the keycloak.json file.  Unfortunately there must be more to the story.  Also, when starting the server for the first time, pointing to my existing mongo repository, a new liveoak-kc database is created that stores realms, roles and users.  That is unnecessary for me as well.  I prefer to use my own keycloak with that information stored in a centrally located relational database. 

                • Actions
              • 4. Re: Separate Keycloak Server
                mposolda
                mposolda Sep 8, 2014 2:04 PM (in response to peterson.dean)

                I've added instructions about separate Keycloak setup to http://liveoak.io/docs/guides/tutorial_keycloak_separate/ (we already talked about it on keycloak ML, but I am mentioning here as well for tracking purposes).

                 

                If you want embedded Keycloak to use different mongo database than "liveoak-kc" you can change it either via system properties or in the keycloak configuration file LIVEOAK_HOME/standalone/deployments/auth-server.war/WEB-INF/classes/META-INF/keycloak-server.json .

                 

                If you want keycloak to use Relational database instead of mongo, then it's probably easier to switch to external Keycloak instead of reconfiguring embedded keycloak instance.

                  • Actions