[keycloak-user] KeyCloak and identity management for Java EE
Bill Burke
bburke at redhat.com
Wed Aug 26 08:43:37 EDT 2015
You are correct. Keycloak is not in the IDM API business. Each
application rolling their own security for their own identity model is
just a poor way of doing things. Instead, each application is integrated
with SSO via SAML/OpenID Connect, the server has a common identity model,
and federation plugins map to this model. The server does have a remote
REST API, but we discourage using this, as most identity management
should be done by the server.
On 8/23/2015 10:52 AM, Mitya wrote:
> Hi,
>
> We are assessing several auth/IDM/SSO solutions for our project (an
> enterprise Java EE application with REST services and WebSocket
> endpoints). Initially, we leaned towards PicketLink, but recently I've
> been advised several times to prefer Keycloak instead. I'm still
> hesitant because PicketLink offers a concise, well-architected,
> JavaEE-integrated IDM API that suits our needs perfectly. Imagine that
> you need to:
>
> 1) identify currently logged-in user and retrieve his common
> attributes (like name, email, photo etc.);
> 2) determine the user's roles and groups;
> 3) enumerate users of any given role/group, or perform more
> sophisticated user search.
>
> With PicketLink, all the above is done quite straightforwardly, using
> Identity/IdentityManager/PartitionManager/RelationshipManager classes.
> Yet, I didn't figure out how to implement the same with Keycloak.
>
> Any help appreciated. Thanks!
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
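
Added example, not part of this thread and not Keycloak project code: with the SSO model described in the reply, items 1 and 2 of the question are read from the OpenID Connect token that the Keycloak Java adapter has already validated, instead of through an IDM API. The servlet name and the `/whoami` path are hypothetical, and the sketch assumes the adapter is configured to protect that path.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collections;
import java.util.Set;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

// Hypothetical servlet; the class name and "/whoami" are assumptions.
// Assumes the Keycloak adapter protects this path, so the token read below
// has already been signature- and expiry-checked by the adapter.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The adapter exposes the security context as a request attribute.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                req.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getToken() == null) {
            // Not behind the adapter, or no authenticated user: fail closed.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        AccessToken token = ctx.getToken();

        // Realm roles come from the realm_access claim, which may be absent.
        AccessToken.Access realm = token.getRealmAccess();
        Set<String> roles = (realm == null || realm.getRoles() == null)
                ? Collections.<String>emptySet() : realm.getRoles();

        // Item 1: identity and common attributes. Item 2: roles.
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("subject:  " + token.getSubject()); // stable user id
        out.println("username: " + token.getPreferredUsername());
        out.println("name:     " + token.getName());
        out.println("email:    " + token.getEmail());
        out.println("picture:  " + token.getPicture());
        out.println("roles:    " + roles);
    }
}
```

Item 3 of the question (enumerating users of a role or group) cannot be answered from a token, which describes only the logged-in user.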