<div dir="ltr">I only use JPA/LDAP authentication, simple and not need to mess with XML and have only a single Jar in my classpath without relying on my aplication server or something.<div><div><br></div><div>In short, KC can be very good at it, but for those who already have something done and solid in the PL, it is impossible to migrate.</div></div><div><br></div><div>Until someone says I can use the KC to do this [1] with the same effort that I have with the PL, I will continue thinking that the framework should receive attention again.<br></div><div><br></div><div>[1] <a href="https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-form-with-jsf">https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-form-with-jsf</a></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><b>Arthur P. Gregório</b><br><i>+55 45 9958-0302</i><br>@gregorioarthur<br><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br></div></div>
<br><div class="gmail_quote">2015-11-24 5:46 GMT-02:00 Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Keycloak now supports SAML SP
implementation, which doesn't require KC server. It can talk to
any other SAML Idp. The docs is here
<a href="http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html" target="_blank">http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html</a>
. For the future, we will mainly focus on improve/maintain the
Keycloak SAML SP rather than Picketlink.<br>
<br>
Also there is no need to fork the Picketlink project to your own,
you can still propose and send PR to Picketlink . This will allow
that more people from the community can suffer from your work.<span class="HOEnZb"><font color="#888888"><br>
<br>
Marek</font></span><div><div class="h5"><br>
<br>
<br>
On 23/11/15 23:40, larry mccay wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">This is a disappointing situation.
<div>PL should have been continued and then consumed by KC.</div>
<div>I will not be pulling in KC in its entirely in order to do
SAML SP implementations - we will need to move to something
else.</div>
<div><br>
</div>
<div>I suggest that a PL module be published from KC that has
minimal dependencies.</div>
<div>You can migrate the PL functionality to KC this way but not
force all of the new dependencies on consumers.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Nov 23, 2015 at 11:19 AM,
Arthur Gregório <span dir="ltr"><<a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I see this post, and i know what KC do..
<div><br>
</div>
<div>
<div>What I mean is that I do not need all the things
that KC does, I want simple with the something like
PL.</div>
<div><br>
</div>
<div>I posted in a thread about it on the same topic
"continuity of PL" on the dev list of KC and the same
answer was given.</div>
<div><br>
</div>
<div>PL is such a cool framework, I refuse to believe
that only I use it or only I noticed this deep sleep
that the project came...</div>
<div><br>
</div>
<div>Finally, the fact is that PL is like Spring
Security, a swatter convenient and fast flies. KC is
already like a cannon, large and meaningless to the
context of solving a simple problem like killing a
single mosquito.</div>
<div><br>
</div>
<div>But if so, the business is to make a project fork
and working on my own version.</div>
</div>
<div><br>
</div>
<div>at.,</div>
</div>
<div class="gmail_extra"><span><br clear="all">
<div>
<div><b>Arthur P. Gregório</b><br>
<i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45
9958-0302</a></i><br>
@gregorioarthur<br>
<a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
</div>
</div>
<br>
</span>
<div>
<div>
<div class="gmail_quote">2015-11-23 13:07 GMT-02:00
Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank"></a><a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Please take a look at <a href="http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/" target="_blank"></a><a href="http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/" target="_blank">http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/</a>
<div><br>
</div>
<div>I think this post answers your question.</div>
</div>
<div>
<div><br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Nov 23, 2015 at 1:05
PM Stephen Agneta <<a href="mailto:sagneta@gmail.com" target="_blank"></a><a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>I'll share what I know with you in
the hopes that it will help somehow. </div>
<div><br>
</div>
Well KC (keycloak) is a super-set of the
PL (PicketLink) functionality thus in
theory it ought to work fine once it is
ready and once some sort of migration
path is known. You may not wish to move
to KC due to the additional
functionality which may be off-putting
for lite applications but KC will
perform everything PL did and more and
will do so in VM memory if you so
choose.
<div><br>
</div>
<div>Essentially KC is a real federated
authentication and authorization
service with identity management that
can run standalone or in-VM within a
WildFly cluster. Although a Java
implementation it works with other
systems and languages out of process.
It does integrate with Spring which
may interest you.</div>
<div><br>
</div>
<div>The following link provides
information for Wildfly 9 clustered
installation:</div>
<div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install</a><br>
</div>
<div><br>
</div>
<div>Thus you should be able to have
your authorization demands met _in VM_
as opposed to over-the-wire for
performance reasons if necessary.</div>
<div><br>
</div>
<div>IMOP I think the KC project is the
right move. They are fixing the big
issue which is the lack of an
opensource Federated Identity
Management System. They also fixed
little things such as Composite Roles
which are missing from PL.</div>
<div><br>
</div>
<div> I merely disliked the abrupt
change-over. I also can't move to
keycloak until I have more of an idea
how the migration would work. </div>
<div>For example, how different is the
default KC relational schema from the
default basic PL schema:</div>
<div><br>
</div>
<div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136</a><br>
</div>
<div><br>
</div>
<div>It is also not clear if keycloak
has a CDI demand system ready like
PicketLink. They only hint at it. <span style="line-height:1.5"> Also it
runs in-cluster on Wildfly 9 and I
am on 8. Nothing huge but issues
that will need to be addressed. </span></div>
<div><span style="line-height:1.5"><br>
</span></div>
<div>Hope that helps. </div>
<div><span style="line-height:1.5"><br>
</span></div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Mon, Nov 23, 2015 at
8:54 AM Arthur Gregório <<a href="mailto:arthurshakal@gmail.com" target="_blank"></a><a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>And KC does not have the same
purpose as the PL.</div>
<div><br>
</div>
<div>In short, I have no reason to
migrate from one to the other, I
use PL or go back to Spring
Security.</div>
<div><br>
</div>
<div>But it seems that there has not
been any development in PL, at
least in recent months, in short,
it seems that the project is dying
and all that were used for its own
account.</div>
<div><br>
</div>
<div>And with bugs like this <a href="https://developer.jboss.org/thread/266387" target="_blank"></a><a href="https://developer.jboss.org/thread/266387" target="_blank">https://developer.jboss.org/thread/266387</a>,
it's not cool to let the project
stalled...<br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div><b>Arthur P. Gregório</b><br>
<i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45
9958-0302</a></i><br>
@gregorioarthur<br>
<a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
</div>
</div>
<br>
</div>
<div class="gmail_extra">
<div class="gmail_quote">2015-11-23
11:47 GMT-02:00 Stephen Agneta <span dir="ltr"><<a href="mailto:sagneta@gmail.com" target="_blank"></a><a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><br>
<div>It certainly appears that
everything has moved to
key-cloak but I am unsure
that keycloak is ready to
take the burden of current
Picketlink implementations.
Nor am I sure how the
migration process would
occur. The abruptness of the
change is a bit
disconcerting. Having said
that Picketlink is working
fine save for one defect
that which I requested that
is on the git HEAD but not
in any particular release. </div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div>
<div>
<div dir="ltr">On Mon, Nov
23, 2015 at 8:43 AM
Arthur Gregório <<a href="mailto:arthurshakal@gmail.com" target="_blank"></a><a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>>
wrote:<br>
</div>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div>Picketlink is
dead? </div>
<div><br>
</div>
<div>The last commit
in the project repo
was in 9 july.. </div>
<div><br>
</div>
<div>Is there a
schedule for the new
version or something
like that?<br>
</div>
<div><br>
</div>
<div>at.,</div>
<br clear="all">
<div>
<div><b>Arthur P.
Gregório</b><br>
<i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55
45 9958-0302</a></i><br>
@gregorioarthur<br>
<a href="http://www.arthurgregorio.eti.br" target="_blank"></a><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
security-dev mailing list<br>
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
_______________________________________________<br>
security-dev mailing list<br>
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
security-dev mailing list<br>
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
security-dev mailing list
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></pre>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>