Keycloak SSO Released – Alpha 1


Keycloak is an SSO authentication server and appliance for securing web applications and RESTful web services.  After 7 months of hard work, the Keycloak team (Bill Burke, Stian Thorgersen, Gabriel Cardoso, Viliam Rockai, Alexandre Mendonca, and Bolesław Dawidowicz) is proud to announce our first release, Alpha-1!  There’s still a lot to do, but there’s a lot of features you can try out.  Besides written documentation, we’ve put together a bunch of video screencasts that you can view to learn and experience the features of Keycloak.

These are some of the core features of Keycloak:

  • SSO and Single Log Out for browser applications
  • Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
  • Openshift Quick Start so you can deploy Keycloak on the cloud
  • Optional User Registration
  • Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
  • Forgot password management
  • OAuth Bearer token auth for REST Services
  • Integrated Browser App to REST Service token propagation
  • OAuth 2.0 Grant requests
  • CORS Support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
  • Deployable as a WAR, appliance, or on Openshift.
  • Supports JBoss AS7, EAP 6.x, and Wildfly applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.

Go to the Keycloak website and follow the links to download, view documentation and videos, browse our source code, and submit bugs.

What’s Next?
As I said before, there’s still a lot to do, but here’s some things that will get in sooner rather than later:
  • Stan Silvert has written a Wildfly subsystem for Keycloak that didn’t get into the Alpha 1 release.  When we get this in, it will be super easy to secure web applications within a Wildfly environment.  You won’t have to crack open your WARs to add Keycloak configuration and enabling Keycloak security may be as easy as doing a few clicks in the admin console.
  • Storage protection.  We’ll be adding support for more secure password hashing as well as storage encryption capabilities for the Keycloak database.  It’s uber important to be able to have a 2nd level of defense for hacks.
  • Revocation policies. We need to be able to expire all tokens just in case somebody gets hacked and broadcast this information to deployed applications.
  • User session management.  This will allow you to view which users are logged in and give you the ability to log out one or more users.
  • Composite roles.  This will be the concept of a role group.  This will make it easier to change role mappings for a large set of users.

Thank You!

Finally, I want to give a huge thank you to everybody that helped make this release possible (Stian Thorgersen, Gabriel Cardoso, Viliam Rockai, Alexandre Mendonca, and Bolesław Dawidowicz).  Especially Stian for being such a great co-lead and Gabriel for doing such awesome design work.  This has been the best team I’ve been on since the good old JBoss Group days years and years ago, pre-acquisition when JBoss was young.

Geothermal HVAC Part 4: Costs, Savings, and Performance


Costs

Tim might be upset with me sharing the costs,  but in my research it was kind of hard to find hard numbers and you should really know what you’re getting into before you waste people’s time.  The initial quote did not include electrician work nor yard work.

  • $48,500 for the drilling, ductwork, old system removal, and the ClimateMaster units.  Remember, our home was 4000 square feet and required two ClimateMaster units.  Your home, if smaller, could be less drilling and 1 less unit.
  • Roughly $2000 for the electrical work which was not included in the quote
  • Roughly $2000 for the yard work to replace bushes and rake and loam the damaged property.
  • All this is covered by the Federal 30% Tax Credit!  (Credit not deduction), so the net install cost was around $37,000.

Savings

Early, but not complete returns are in.  Over the summer, compared to last year, it looked like I used 20-25% less electricity than the months of the previous year comparing 2012 to 2013.  My November 15th-December 15th electricity usage (3205 kWh) was about 2.5 times more than the time period last year (1300 kWh).  Our total electric bill for this period was $320, so you figure about $200 for heating over that decently cold time period. I’ll update this page when the December-January numbers come in and I expect a further increase in electricity usage.

Our total oil heating bill generally averaged about $4000 per year (October-April).  So, for a nice SWAG, you figure we’re saving about $3000 per year if you include the summer months savings too.  At today’s prices, the pay off for the system is about 12 years.  BUT…Because my old system was so old and needed replacing anyways, I factor that cost into the equation as well, so the payoff is probably even shorter.

Performance

The 3rd week of December, 2013 has been pretty damn cold.  We had a few days of sub-zero temperatures and the system performed perfectly.  The system has 3 modes of heating.  Heating 1, which is ultra efficient.  Heating 2, which is full capacity, and Heating 3, which is emergency heating that actually uses full electricity to generate heat.  Even on those sub-zero days it seemed every time I checked, I was at Heating 1, so the system is performing really really well.

Geothermal HVAC Part 3: Installing In House System


In this section I’ll talk about the work that had to be done inside of the house.

Our old system

Our old heating system had different forced-air ductwork than our cooling system.  The heating system used 1 oil burner with ductwork that went to both the 1st and 2nd floors coming up through vents in the floor.  The cooling system had an outside condenser that ran coolant through a pipe up to a blower in the attic.  The cooling system’s ductwork was separate from the heating and ran through our attic.

Our new system

For our Geo system, our guy decided to re-use the old heating ductwork to heat and cool the 1st floor.  The old heating ductwork for the 2nd floor was sealed off and not used.  The 1st floor ductwork was connected to a Water-to-Air ClimateMaster TTV064.  This unit was put in our basement where the old oil furnace was.

For the 2nd floor, the old cooling system’s attic ductwork was re-used.  A new blower was installed in the attic.  The coolant pipe used to connect the old blower to the outside condenser was also re-used and connected to a Water-to-Water ClimateMaster TTS038.  This unit was also put in our basement where our oil tank used to be.

Other work and Total Time

The attic ductwork was wrapped with additional insulation.  It also took some time to remove the oil tank, disassemble and remove the oil heater, old blower, and A/C condenser outside.  All in all, removing the old stuff and installing the new units took another 2 weeks beyond the drilling.

Geothermal HVAC Part 2: Installing The Loop


I’m finally getting around to finishing up my write up on my Geothermal HVAC install.  In Part 1, I discussed why I was doing it and how I was able to get a quote.  For Part 2, I’ll talk about the outside drilling and closed-loop install.

The outside work took about 2 weeks to do and entailed drilling 3 bore-holes 350 ft deep, laying pipe in these holes, digging a trench to connect the holes, drilling into your foundation to bring the pipe into your home, and finally filling the holes and getting rid of extra material.  Be prepared for a part of your yard to be destroyed.  We required an area about 50′x30′.  The bushes in front on the left side of our house all had to be dug up.  The holes were about 15′ apart starting from the left side of the house.  While the holes themselves and the pipe connecting them only required a 5′ wide trench, there is a ton of material that comes from both the drilling and the trench that ends up taking up and piling up on the rest of the 50′x30′ space.  When everything was buried and that side of the lawn leveled out, we ended up having a lot of left over dirt which was spread out and dumped and packed in a different 20′x20′ area in our woods (yes we have a lot of acreage).  I must tell you, I was a bit freaked out by the damage to our lawn at first, but after only a few months you won’t even know drilling actually happened.  Nature repairs itself quite quickly!

photo

The drilling equipment was quite large.  The drilling was done in late April and our yard was still quite muddy from the Spring thaw.  While they did put boards down on the lawn they left some deep tracks driving in that had to be repaired in the front of our lawn.  Also notice how close to the house they had to get.  This was fine btw!

photo(1)

This is the material left over from 1 borehole drill.

photo(2)

Here is the pipe they put into the holes.

photo(4)

photo(3)

Here is the trench they had to dig to connect the boreholes together and feed it into our house.  The trench was about 5′ deep and about 5′ wide.  They also drill into your foundation 5′ down to get the closed-loop pipe feed into your home.

Resteasy 3.0.6 Released


Resteasy 3.0.6.Final has been released today.  This is a maintenance release.  Netty 4 JAX-RS 2.0 Async APIs actually work now!  As usual, check out http://jboss.org/resteasy for how to download the distro and view documentation.

New Keycloak Project: SSO for Browser, Social, and REST Services


I’d like to officially announce the new project I’m co-leading with Stian Thorgersen: Keycloak!  Some of you may already have heard hints about this on the Resteasy dev list, but since July I’ve been working with some great Red Hat guys (Stian, Gabriel, Viliam, Bolek, Alexandre, and Marek) to put together an SSO solution for browser, social, and REST service applications.  There is no release yet!  But we’re getting close to releasing our first Alpha.

Check out our screencast presentation and demo of what we got and what we’re doing:

Here’s a list of features we have or are planning to add over the coming months.

  • SSO and Single Log Out for browser applications
  • Social Broker.  Enable Google, Facebook, Yahoo, Twitter social login with no code required.
  • Optional User Registration
  • Password and TOTP support (via Google Authenticator).  Client cert auth coming soon.
  • OAuth Bearer token auth for REST Services
  • Integrated Browser App to REST Service token propagation
  • OAuth 2.0 Grant requests
  • CORS Support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata.  Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
  • Deployable as a WAR, appliance, or an Openshift  cloud service (SaaS).
  • Supports JBoss AS7, EAP 6.x, and Wildfly applications.  Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.

We would love to see anybody interested drop by on the keycloak-dev email list.  We’re looking to do our first alpha release sometime before Christmas.  The code was taken from the RESTEasy OAuth work I did earlier this year as well as the social broker service Stian Thorgersen and the portal team were prototyping early this year.  We’re also trying to leverage Picketlink where appropriate.

My new book! RESTful Java with JAX-RS 2.0


My 2nd edition of RESTful Java is out!  RESTful Java with JAX-RS 2.0 covers the spec additions to JAX-RS 2.0 including 3 new chapters:

  • JAX-RS 2.0 Client API
  • Asynchronous Client and Server APIs
  • Filters and Interceptors

The book has also been revised here and there to cover some of the smaller features that were added to JAX-RS 2.0 like ParamConverters, Link, and the extensions added to UriBuilder.  The workbook examples and chapters have been revised and expanded to cover this new content as well, so you really get 6 new chapters in total.  Many thanks to Fernando Nasser, Melanie Yarborough, Meghan Blanchette, Meghan Connolly, and Charlie Roumeliotis for making this happen.  I’d also like to thank the JAX-RS 2.0 JSR Expert Group, especially Marek Potociar, Santiago Pericas-Geertsen, and Sergey Beryozkin.
