[keycloak-dev] Additional things to consider for 1.0.final
Stian Thorgersen
stian at redhat.com
Thu Jul 17 09:20:25 EDT 2014
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 17 July, 2014 2:14:21 PM
> Subject: Re: [keycloak-dev] Additional things to consider for 1.0.final
>
>
>
> On 7/17/2014 8:55 AM, Stian Thorgersen wrote:
> > As we didn't have enough things to do last minute I come up with more
> > things which I think we should do for 1.0.final:
> >
> > 1. Configure JPA through keycloak-server.json instead of persistence.xml
> >
> > This would be super simple to do, and would let us have a single
> > persistence.xml for everything (testsuite, server, project-integrations).
> > Everything worthy of configuring in persistence.xml (including datasource)
> > can be passed in the Map overrides when creating the EntityManagerFactory.
> >
>
> -1. I don't think learning a new configuration format for
> persistence.xml is user friendly. Users would have to translate the
> Hibernate documentation to our json format.
It would support both, configuration can either be done through persistence.xml or keycloak-server.json. We could use the same property names, so it would just be a matter of putting it in keycloak-server instead of properties in persistence.xml.
Also, why do our users need to understand Hibernate/JPA just to be able to configure what data-source to use for Keycloak?
>
> >
> > 2. Introduce server-dependencies-min and server-dependencies-all poms
> >
> > We have a few places that includes all the dependencies required (server,
> > testsuite/integration and testsuite/) as well as other project such as
> > AeroGear and LiveOak. Instead of everyone having to list all the
> > dependencies they could have a single dependency on either
> > server-dependencies-min or server-dependencies-all. Min would exclude most
> > if not all provider implementations (such as PicketLink/LDAP, social
> > providers, etc).
> >
>
> +1
>
> >
> > 3. TOTP SPI
> >
> > At the moment we only support Google Authenticator, I don't think that's
> > sufficient. We should at the very least add support for one more, and have
> > an SPI so users can add their own. I think this would be related to the
> > UserProvider sync work, as some UserProvider implementations may require
> > both a password and totp to verify a users credentials, while others would
> > only be able to verify the password and then have Keycloak verify the
> > totp.
> >
>
> +1. Do we have cycles to include in 1.0?
>
> > Also, do we need to support users with more than one totp? Personally I
> > have two for work (one I use daily and another for backup).
>
> +1. Do we have cycles to include in 1.0?
> \
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list