[keycloak-user] Keycloak Modules developed for the Cloudtrust project
Pedro Igor Silva
psilva at redhat.com
Fri Aug 10 12:51:50 EDT 2018
Cool stuff ! Thanks for sharing.
I've looked keycloak-authorization very quickly and changes look really
simple, I'm glad to start a discussion about supporting this OOTB. Maybe
this can be part of the review of admin fine-grained permissions we are
planning.
Regards.
Pedro Igor
On Fri, Aug 10, 2018 at 9:43 AM, Marek Posolda <mposolda at redhat.com> wrote:
> Thanks for the heads up!
>
> IMO it will be cool if you send PR for the javascript mapper directly to
> Keycloak, however we may need automated test and also docs (separate PR
> needs to be sent for the docs).
>
> For the keycloak-authorization and keycloak-export (and maybe for
> keycloak-client-mappers too if you don't have time for the PR to
> upstream), it may be good to send PR to update the extensions page
> maybe? It's here: https://www.keycloak.org/extensions.html and sources
> are here:
> https://github.com/keycloak/keycloak-web/tree/master/src/
> main/resources/extensions
> . Assuming that those things are generally useful for the other users
> from the community (I am not 100% sure about the keycloak-authorization.
> Rather leaving to you to decide if it's generally useful or not). The
> keycloak-wsfed is already on the extensions page.
>
> Thanks!
> Marek
>
>
> On 10/08/18 11:44, Doswald Alistair wrote:
> > Hello,
> >
> > I just wanted to let this mailing list know that for the Cloudtrust
> project (https://github.com/cloudtrust), we have developed a certain
> number modules for Keycloak. These are currently compatible with the
> version 3.4.3.Final of Keycloak, but we will make them compatible with
> Keycloak 4.X (where X will be the latest sub-version of Keycloak when we
> start working on this) as soon as we can. These modules are:
> >
> > * keycloak-wsfed (https://github.com/cloudtrust/keycloak-wsfed): an
> implementation of the WS-Federation protocol for keycloak. This allows to
> select the WS-Federation protocol for Keycloak clients and for identity
> brokers.
> >
> > * keycloak-authorization (https://github.com/cloudtrust/keycloak-
> authorization): this module allows the use of the client authorization
> system to prevent a user which is authenticated in a Keycloak realm to
> access a given client. It works no matter which protocol is used, and
> without the client having to support any extra protocol. Note: this
> solution is a bit hacky, but necessary for one of our use-cases.
> >
> > * keycloak-client-mappers (https://github.com/
> cloudtrust/keycloak-client-mappers): a module for adding any mappers that
> we might need that are not yet part of Keycloak. Currently only contains a
> JavaScript mapper for SAML, analogous to the OIDC script mapper. I've
> noticed that there's an open issue for this feature (
> https://issues.jboss.org/browse/KEYCLOAK-5520). If desirable I could
> submit this code not as a module but a solution to the issue.
> >
> > * keycloak-export (https://github.com/cloudtrust/keycloak-export): a
> module adding an endpoint to fully export a realm while Keycloak is still
> running (no need for restarts!).
> >
> > Cheers,
> >
> > Alistair
> >
> > PS: I'm mailing this both dev and user mailing lists as I believe it may
> interest members of both mailing lists
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list