<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Under Keycloak authentication, I would suggest Kerberos, LDAP, OTP, certificates, etc. rather than OIDC and SAML, which are not authentication mechanisms. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">It should be similar to what you have put under OpenUnison authentication. <br><br>Sent from my iPhone</div><div><br>On Feb 24, 2016, at 12:56 PM, Marc Boorshtein <<a href="mailto:marc.boorshtein@tremolosecurity.com">marc.boorshtein@tremolosecurity.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">So after I actually put the slide together I realized I'd never be able to put this much information on one slide. So I tried to distill it down to really key points:<div><br></div><div><a href="https://s3.amazonaws.com/ts-public-downloads/random/Slide11.png">https://s3.amazonaws.com/ts-public-downloads/random/Slide11.png</a><br></div><div><br></div><div>Let me know what you think. Again, I appreciate the feedback.</div><div><br></div><div>Thanks</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature">Marc Boorshtein<div>CTO Tremolo Security</div><div><a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank">marc.boorshtein@tremolosecurity.com</a></div><div><a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank"></a><span style="font-family:Arial,sans-serif;font-size:13px"><a title="Go to phones" href="https://www.google.com/voice?utm_source=en-ha-na-us-bk&utm_medium=ha&utm_term=google+voice&utm_campaign=en&pli=1#phones" style="color:rgb(0,0,0);text-decoration:none" target="_blank">(</a>703) 828-4902</span></div></div></div>
<br><div class="gmail_quote">On Wed, Feb 24, 2016 at 12:22 PM, Marc Boorshtein <span dir="ltr"><<a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank">marc.boorshtein@tremolosecurity.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Bill. I'm envisioning a slide with 3 columns (one for OpenUnison, one for KC and one where there's overlap) so I'm going to try and keep it brief but will certainly talk to anything I don't write down.<div><br></div><div>Here's what I'm thinking for each column including your comments:</div><div><br></div><div>OpenUnison</div><div>Authentication</div><div>* Kerberos</div><div>* Certificate</div><div>* Banner</div><div>* Username Only</div><div>* OTP over SMS</div><div>* OTP over Email</div><div>* Symantec VIP</div><div>* JIT Provisioning</div><div>* Authentication Levels</div><div><br></div><div>User Data Sources</div><div>* Integrated Virtual Directory</div><div><br></div><div>Role Management</div><div>* Workflow based approvals</div><div>* Multi stage approvals</div><div>* Escalations</div><div><br></div><div>Application Integration</div><div>* Reverse Proxy with LastMile (J2EE/Apache/.NET)</div><div>* Reverse Proxy with SAML Login</div><div>* Reverse Proxy with Kerberos Constrained Delegation</div><div><br></div><div>UI Pages</div><div>* Generic JSP</div><div><br></div><div><br></div><div><div style="font-size:12.8px"><span style="font-size:12.8px">Common</span></div><div style="font-size:12.8px"><span style="font-size:12.8px">Authentication</span></div><div style="font-size:12.8px"><span class=""><div style="font-size:12.8px">* OIDC</div><div style="font-size:12.8px">* SAML2</div><div style="font-size:12.8px">* Social</div><div style="font-size:12.8px">* TOTP</div></span><div style="font-size:12.8px">* IdP "Broker" for both SAML2 and OIDC</div><div style="font-size:12.8px">* Login Chain / Flow</div><div 
style="font-size:12.8px">* Custom Interface</div></div><div><br></div><div>User Data Stores</div><div>* LDAP</div><div>* DB</div><div>* AD</div><div>* Custom</div><div>* Password reset</div><div>* Profile Updates</div><div><br></div><div>Role Management</div><div>* Map to multiple data sources</div><div>* Web services integration</div><span class=""><div><br></div><div>Application Integration</div><div>* SAML2</div><div>* OIDC/OAuth2</div><div>* <span style="font-size:12.8px">Reverse Proxy with header injection</span></div></span></div><div><br></div><div><br></div><div>KeyCloak</div><div><div style="font-size:12.8px">Authentication</div><div style="font-size:12.8px">* OIDC</div><div style="font-size:12.8px">* Social</div><div style="font-size:12.8px">* TOTP</div><div style="font-size:12.8px">* <span style="font-size:12.8px">User session management</span></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">User Data Sources</div><div style="font-size:12.8px">* Integrated SPI</div><span class=""><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Role Management</div><div style="font-size:12.8px">* Local database</div><div style="font-size:12.8px">* Mapped to external data source</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Application Integration</div></span><div style="font-size:12.8px">* OIDC/OAuth2</div><div style="font-size:12.8px">* REST Web Services</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">UI Pages</div><div style="font-size:12.8px">* Themed</div></div><div style="font-size:12.8px">* <span style="font-size:12.8px">Internationalization/</span><span style="font-size:12.8px">Localization</span></div><div style="font-size:12.8px"><span style="font-size:12.8px"><br></span></div><div style="font-size:12.8px">Anything you would like changed or mentioned?</div><div style="font-size:12.8px"><br></div><div 
style="font-size:12.8px">Thanks</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div><span class="">Marc Boorshtein<div>CTO Tremolo Security</div><div><a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank">marc.boorshtein@tremolosecurity.com</a></div></span><div><a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank"></a><span style="font-family:Arial,sans-serif;font-size:13px"><a title="Go to phones" href="https://www.google.com/voice?utm_source=en-ha-na-us-bk&utm_medium=ha&utm_term=google+voice&utm_campaign=en&pli=1#phones" style="color:rgb(0,0,0);text-decoration:none" target="_blank">(</a><a href="tel:703%29%20828-4902" value="+17038284902" target="_blank">703) 828-4902</a></span></div></div></div><div><div class="h5">
<br><div class="gmail_quote">On Wed, Feb 24, 2016 at 11:22 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Much more:<br>
- IDP brokering (Keycloak can be a child IDP to a parent IDP)<br>
- reset credentials<br>
- registration (with or without recaptcha)<br>
- required actions (verify email, update credentials, update
profile)<br>
- User session management<br>
<br>
Custom SPIs to create/augment:<br>
- browser login flow<br>
- reset credential flow<br>
- registration<br>
- REST validation<br>
- service accounts<br>
<br>
With this SPI you can add custom authentication types, perform
workflow actions, etc...<br>
<br>
User self-help:<br>
- Account management for logged in users.<br>
<br>
Internationalization/Localization:<br>
- Basically all UIs (admin console, login, <br><div><div>
<br>
<div>On 2/24/2016 8:20 AM, Marc Boorshtein
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div>
<div dir="ltr">All,
<div><br>
</div>
<div>I'm going to be presenting OpenUnison at an OpenShift
briefing tomorrow and have been asked to include a slide on
how OpenUnison and Keycloak relate to each other. Based on
getting Keycloak running and looking at the website and
following the list I'm planning on breaking down KC's features
as such:</div>
<div><br>
</div>
<div>Authentication</div>
<div>* OIDC</div>
<div>* SAML2</div>
<div>* Social</div>
<div>* TOTP</div>
<div>* IdP "Proxy" for both SAML2 and OIDC</div>
<div><br>
</div>
<div>User Data Sources</div>
<div>* LDAP</div>
<div>* AD</div>
<div>* Custom</div>
<div><br>
</div>
<div>Role Management</div>
<div>* Local database</div>
<div>* Mapped to external data source</div>
<div><br>
</div>
<div>Application Integration</div>
<div>* SAML2</div>
<div>* OIDC/OAuth2</div>
<div>* Reverse Proxy with header injection</div>
<div><br>
</div>
<div>UI Pages</div>
<div>* Themed</div>
<div><br>
</div>
<div>I want to make sure this is accurate, so I'd appreciate any
feedback that you have.</div>
<div><br>
</div>
<div>Thanks</div>
<div><br clear="all">
<div>
<div>Marc Boorshtein
<div>CTO Tremolo Security</div>
<div><a href="mailto:marc.boorshtein@tremolosecurity.com" target="_blank">marc.boorshtein@tremolosecurity.com</a></div>
<div><br>
</div>
</div>
</div>
</div>
</div>
<br>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre><span><font color="#888888">
</font></span></blockquote><span><font color="#888888">
<br>
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</font></span></div>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>
</div></blockquote></body></html>