[keycloak-user] Using Keycloak to build organization SSO server.
Bill Burke
bburke at redhat.com
Wed Jun 17 08:41:25 EDT 2015
Keycloak can manage SSO and roles. We don't have the concept of groups
or permissions. Role groups are something we call a "composite role".
The way roles work is that you can have realm-level roles, or roles that
are associated with an application/client. You can federate user
storage in AD and DBs together. ADs should probably work out of the box
with some configuration. DBs would take custom coding to work with your
schema, but was have an SPI for it.
I don't know how Shibboleth compares to Keycloak. We're moving fast
though. We currently rely on Picketlink for our SAML client adapter.
That's it though. In the near future we will be porting the PL SAML
client adapter to Keycloak.
On 6/17/2015 3:03 AM, Subhrajyoti Moitra wrote:
> Hello,
> My organization, is trying to implement a SSO service internally, so
> that various business applications can authenticate against it. We also
> want this SSO service to manage roles, groups,permissions, role-group
> memberships etc.
> Currently this authentication is happening using DB tables and Active
> Directory server.
> We want to hook up these with the keycloak server.
>
> Can this be done using Keycloak? how does keycloak compare to shibboleth?
> Will using picketlink in client applications help in anyway to speed up
> development.
>
>
> Thanks for your patience,
> Subhro.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list