<div dir="ltr"><div>I'll share what I know with you in the hopes that it will help somehow. </div><div><br></div>Well KC (keycloak) is a super-set of the PL (PicketLink) functionality thus in theory it ought to work fine once it is ready and once some sort of migration path is known. You may not wish to move to KC due to the additional functionality which may be off-putting for lite applications but KC will perform everything PL did and more and will do so in VM memory if you so choose. <div><br></div><div>Essentially KC is a real federated authentication and authorization service with identity management that can run standalone or in-VM within a WildFly cluster. Although a Java implementation it works with other systems and languages out of process. It does integrate with Spring which may interest you.</div><div><br></div><div>The following link provides information for Wildfly 9 clustered installation:</div><div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install</a><br></div><div><br></div><div>Thus you should be able to have your authorization demands met _in VM_ as opposed to over-the-wire for performance reasons if necessary.</div><div><br></div><div>IMOP I think the KC project is the right move. They are fixing the big issue which is the lack of an opensource Federated Identity Management System. They also fixed little things such as Composite Roles which are missing from PL.</div><div><br></div><div> I merely disliked the abrupt change-over. I also can't move to keycloak until I have more of an idea how the migration would work. </div><div>For example, how different is the default KC relational schema from the default basic PL schema:</div><div><br></div><div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136</a><br></div><div><br></div><div>It is also not clear if keycloak has a CDI demand system ready like PicketLink. They only hint at it. <span style="line-height:1.5"> Also it runs in-cluster on Wildfly 9 and I am on 8. Nothing huge but issues that will need to be addressed. </span></div><div><span style="line-height:1.5"><br></span></div><div>Hope that helps. </div><div><span style="line-height:1.5"><br></span></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Nov 23, 2015 at 8:54 AM Arthur Gregório <<a href="mailto:arthurshakal@gmail.com">arthurshakal@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>And KC does not have the same purpose as the PL.</div><div><br></div><div>In short, I have no reason to migrate from one to the other, I use PL or go back to Spring Security.</div><div><br></div><div>But it seems that there has not been any development in PL, at least in recent months, in short, it seems that the project is dying and all that were used for its own account.</div><div><br></div><div>And with bugs like this <a href="https://developer.jboss.org/thread/266387" target="_blank">https://developer.jboss.org/thread/266387</a>, it's not cool to let the project stalled...<br></div><div><br></div></div><div class="gmail_extra"></div><div class="gmail_extra"><br clear="all"><div><div><b>Arthur P. Gregório</b><br><i>+55 45 9958-0302</i><br>@gregorioarthur<br><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br></div></div>
<br></div><div class="gmail_extra"><div class="gmail_quote">2015-11-23 11:47 GMT-02:00 Stephen Agneta <span dir="ltr"><<a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div>It certainly appears that everything has moved to key-cloak but I am unsure that keycloak is ready to take the burden of current Picketlink implementations. Nor am I sure how the migration process would occur. The abruptness of the change is a bit disconcerting. Having said that Picketlink is working fine save for one defect that which I requested that is on the git HEAD but not in any particular release. </div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div><div><div dir="ltr">On Mon, Nov 23, 2015 at 8:43 AM Arthur Gregório <<a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>> wrote:<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div>Picketlink is dead? </div><div><br></div><div>The last commit in the project repo was in 9 july.. </div><div><br></div><div>Is there a schedule for the new version or something like that?<br></div><div><br></div><div>at.,</div><br clear="all"><div><div><b>Arthur P. Gregório</b><br><i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45 9958-0302</a></i><br>@gregorioarthur<br><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br></div></div>
</div></div></div>
_______________________________________________<br>
security-dev mailing list<br>
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></blockquote></div>
</blockquote></div><br></div></blockquote></div>