<html><body><div style="font-family: Arial; font-size: 12pt; color: #000000"><div>I certainly don't mean to downplay the value of being able to manage accounts. Being able to assign custom roles that are not reflected in LDAP/AD is going to be important, and necessary for social logins. And even though we would prefer not deal with local passwords, being able to support that feature with a toggle in a UI is a selling point.<br></div><div><br></div><div><span name="x"></span><div>Regards<br></div><div><br></div><div>Matthew Casperson<br><a data-mce-href="https://www.redhat.com/wapps/training/certification/verify.html?certNumber=111-072-237&isSearch=False&verify=Verify" href="https://www.redhat.com/wapps/training/certification/verify.html?certNumber=111-072-237&isSearch=False&verify=Verify">RHCE, RHCJA # 111-072-237</a><br>Engineering Content Services<br>Brisbane, Australia</div><span name="x"></span><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;" data-mce-style="color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Bill Burke" <bburke@redhat.com><br><b>To: </b>keycloak-dev@lists.jboss.org<br><b>Sent: </b>Saturday, 7 December, 2013 8:54:21 AM<br><b>Subject: </b>Re: [keycloak-dev] Can KeyCloack be used without any passwords?<br><div><br></div>On 12/6/2013 4:35 PM, Matt Casperson wrote:<br>> If KeyCloak could give us the ability to defer account and password<br>> management entirely to social logins or an existing LDAP/AD database<br>> with something as simple as a toggle in the admin console, it would be a<br>> huge win.<br>><br><div><br></div>Keycloak aims to be an SSO solution, not an SSO adapter.<br><div><br></div>For non-social deployments, account management is a huge part of what <br>Keycloak does. Maybe I'm naive in thinking admins will want to use <br>Keycloak to management accounts though.<br><div><br></div>Even for social deployments, there's a lot of account management <br>involved, i.e. managing oauth grants, registering devices, all things we <br>want to be able to do.<br><div><br></div><br>What is stored in LDAP/AD databases usually? user/password/credentials <br>only? What about permissions/role mappings? Is doing a background sync <br>to an LDAP/AD database not something people are going to want to do? <br>Syncing means credentials are copied.<br><div><br></div>Bill<br><div><br></div>-- <br>Bill Burke<br>JBoss, a division of Red Hat<br>http://bill.burkecentral.com<br>_______________________________________________<br>keycloak-dev mailing list<br>keycloak-dev@lists.jboss.org<br>https://lists.jboss.org/mailman/listinfo/keycloak-dev<br></div><div><br></div></div></body></html>