[keycloak-user] Keycloak 1.1.0.Final Released

Bill Burke bburke at redhat.com
Sun Feb 15 11:33:45 EST 2015


Working on claims right now.  Should have something end of next week.

Can you think of anything that would make kerberos or any other feature 
easier to configure or use?  Your feedback would be a great help.

On 2/14/2015 5:03 PM, Raghu Prabhala wrote:
> Bill - Just wanted to let you know the Identity Broker currently being
> built meets my requirements. I have successfully tested out a complex
> scenario (given below) involving both SPNEGO as well as SAML Service
> Provider functionality
>
> 1) KC on two hosts acting as SAML IDP using SPNEGO as Identity Broker.
> 2) KC on another host acting as SAML SP communicating with IDP (Point
> 1) and a client using OpenID Connect (Point 3)
> 3) A Client application communicating with KC (refer to Point 2) using
> OpenID Connect
>
> Any user accessing the client application will now be seamlessly
> authenticated without entering password. Now I am looking for the
> "custom profiles" functionality which would help me move forward. Just
> to reiterate my requirement - once the user is authenticated, I would
> like to make a LDAP call (in some cases multiple calls to different
> repositories) to retrieve all user information that should eventually be
> populated in the SAML claims or OIDC id_token selectively.
>
> A big thank you to you and the entire dev team for accommodating our
> requests :-). Great Job!!!
>
> Regards,
> Raghu
> ------------------------------------------------------------------------
> *From:* Raghu Prabhala <prabhalar at yahoo.com>
> *To:* Bill Burke <bburke at redhat.com>; "keycloak-user at lists.jboss.org"
> <keycloak-user at lists.jboss.org>
> *Sent:* Monday, February 9, 2015 8:13 AM
> *Subject:* Re: [keycloak-user] Keycloak 1.1.0.Final Released
>
> I think that would satisfy my requirements - but not sure until I see
> that bridge along with the Identity broker functionality in the next
> beta release - eagerly waiting for it.
>
>
> ------------------------------------------------------------------------
> *From:* Bill Burke <bburke at redhat.com>
> *To:* keycloak-user at lists.jboss.org
> *Sent:* Friday, February 6, 2015 10:21 AM
> *Subject:* Re: [keycloak-user] Keycloak 1.1.0.Final Released
>
> Keycloak won't be a kerberos server any time soon, if ever.  We are
> creating a SAML/OIDC to kerberos bridge though.
>
> On 1/30/2015 10:52 AM, Raghu Prabhala wrote:
>  > Unfortunately yes. Kerberos is deeply ingrained in most of internal
>  > applications/processes. While we can ask any new applications to use
>  > certificates, we have to support Kerberos.
>  >
>  > If that is not something that you will support, probably identity
>  > brokering would help. I can write a Kerberos broker as long as it is
>  > given control (need http request) immediately by Keycloak, perhaps I
>  > can handle both authentication with key tabs (for system accts) as well
>  > as SPNEGO for users
>  >
>  > Sent from my iPhone
>  >
>  >> On Jan 30, 2015, at 9:01 AM, Stian Thorgersen <stian at redhat.com> wrote:
>  >>
>  >>
>  >>
>  >> ----- Original Message -----
>  >>> From: "Raghu Prabhala" <prabhalar at yahoo.com>
>  >>> To: "Stian Thorgersen" <stian at redhat.com>
>  >>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>, "keycloak-user"
>  >>> <keycloak-user at lists.jboss.org>
>  >>> Sent: Friday, 30 January, 2015 2:44:14 PM
>  >>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>  >>>
>  >>> Great. Looking forward to the 1.2 Beta version.
>  >>> Regarding the system account support, from my perspective, it is very
>  >>> important because we have thousands of applications that interact with each
>  >>> other using system accounts (authentication with Kerberos with keytabs) and
>  >>> till we have that functionality, we will not be able to consider Keycloak as
>  >>> a SSO solution even though it is coming out to be a good product. The sooner
>  >>> we have it, the better. Hopefully, even other users will pitch in to request
>  >>> that functionality so that you can bump it up in your priority list.
>  >>> Thanks once again. Raghu
>  >>
>  >> For your use-case would it have to be Kerberos? Only options we've
>  >> been considering are certificates and jwt/jws.
>  >>
>  >>> From: Stian Thorgersen <stian at redhat.com>
>  >>> To: Raghu Prabhala <prabhalar at yahoo.com>
>  >>> Cc: keycloak dev <keycloak-dev at lists.jboss.org>; keycloak-user
>  >>> <keycloak-user at lists.jboss.org>
>  >>> Sent: Friday, January 30, 2015 2:10 AM
>  >>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>  >>>
>  >>>
>  >>>
>  >>> ----- Original Message -----
>  >>>> From: "Raghu Prabhala" <prabhalar at yahoo.com>
>  >>>> To: "Stian Thorgersen" <stian at redhat.com>
>  >>>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>, "keycloak-user"
>  >>>> <keycloak-user at lists.jboss.org>
>  >>>> Sent: Thursday, January 29, 2015 6:44:11 PM
>  >>>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>  >>>>
>  >>>> Congrats Keycloak team. A great deal of features in this release - really
>  >>>> like SAML and clustering.
>  >>>>
>  >>>> But what I am really looking for is the next release as we need all the
>  >>>> features you listed - any tentative dates for the beta version?
>  >>>
>  >>> We might do a beta soon, but that'll only include identity brokering. The
>  >>> other features will be at least a month away.
>  >>>
>  >>>>
>  >>>> The functionality provided so far seems to be targeted toward user
>  >>>> accounts.
>  >>>> When can we expect support for System accounts (with diff auth mechanisms
>  >>>> like certificates, Kerberos etc.)?
>  >>>
>  >>> Some time this year we aim to have system accounts with certificates, it'll
>  >>> depend on priorities. We don't have any plans to support Kerberos
>  >>> authentication with system accounts, but maybe that makes sense to add as
>  >>> well.
>  >>>
>  >>>
>  >>>
>  >>>>
>  >>>> Thanks,
>  >>>> Raghu
>  >>>>
>  >>>> Sent from my iPhone
>  >>>>
>  >>>>> On Jan 29, 2015, at 2:11 AM, Stian Thorgersen <stian at redhat.com> wrote:
>  >>>>>
>  >>>>> The Keycloak team is proud to announce the release of Keycloak
>  >>>>> 1.1.0.Final.
>  >>>>> Highlights in this release include:
>  >>>>>
>  >>>>> * SAML 2.0
>  >>>>> * Clustering
>  >>>>> * Jetty, Tomcat and Fuse adapters
>  >>>>> * HTTP Security Proxy
>  >>>>> * Automatic migration of db schema
>  >>>>>
>  >>>>> We've already started working on features for the next release. Some
>  >>>>> exciting features coming soon include:
>  >>>>>
>  >>>>> * Identity brokering
>  >>>>> * Custom user profiles
>  >>>>> * Kerberos
>  >>>>> * OpenID Connect interop
>  >>>>>
>  >>>>> _______________________________________________
>  >>>>> keycloak-user mailing list
>  >>>>> keycloak-user at lists.jboss.org
>  >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>  >>>
>  >>>
>  >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

