[keycloak-user] Exposing keycloak to clients or hide it

Stian Thorgersen sthorger at redhat.com
Tue Feb 7 04:07:26 EST 2017


There are two main things you'd miss:

* Direct support for roles - there are ways to do this though
* Backchannel logout - our logout mechanism for OIDC is currently
proprietary as there was no OIDC spec for it when we implemented it, and
it's still only a draft I believe

On 6 February 2017 at 16:40, Istvan Orban <istvan.orban at gmail.com> wrote:

> Hi Everyone,
>
> I have set-up keycloak locally and I like it a lot. I generally like to
> hide implementation detail from related services so that they can be
> decoupled.
> I know keycloak have libs for plenty of different frameworks etc, although
> I am thinking about setting it up using Apache and mod_auth_openidc
> The advantage is that our software will have openid connect as a dependency
> rather than keycloak. I would like to ask you what I am missing out with
> such a setup?
> Are there any major features I am loosing by not using keycloak specific
> clients libs to connect my appllications to keycloak directly?
>
> Thanks for any insights !
>
> Istvan
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list