[keycloak-dev] Can KeyCloack be used without any passwords?
Matt Casperson
mcaspers at redhat.com
Sat Dec 7 15:20:51 EST 2013
I certainly don't mean to downplay the value of being able to manage accounts. Being able to assign custom roles that are not reflected in LDAP/AD is going to be important, and necessary for social logins. And even though we would prefer not deal with local passwords, being able to support that feature with a toggle in a UI is a selling point.
Regards
Matthew Casperson
RHCE, RHCJA # 111-072-237
Engineering Content Services
Brisbane, Australia
----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: keycloak-dev at lists.jboss.org
Sent: Saturday, 7 December, 2013 8:54:21 AM
Subject: Re: [keycloak-dev] Can KeyCloack be used without any passwords?
On 12/6/2013 4:35 PM, Matt Casperson wrote:
> If KeyCloak could give us the ability to defer account and password
> management entirely to social logins or an existing LDAP/AD database
> with something as simple as a toggle in the admin console, it would be a
> huge win.
>
Keycloak aims to be an SSO solution, not an SSO adapter.
For non-social deployments, account management is a huge part of what
Keycloak does. Maybe I'm naive in thinking admins will want to use
Keycloak to management accounts though.
Even for social deployments, there's a lot of account management
involved, i.e. managing oauth grants, registering devices, all things we
want to be able to do.
What is stored in LDAP/AD databases usually? user/password/credentials
only? What about permissions/role mappings? Is doing a background sync
to an LDAP/AD database not something people are going to want to do?
Syncing means credentials are copied.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20131207/1b8ad53e/attachment.html
More information about the keycloak-dev
mailing list