<div dir="ltr">I only use JPA/LDAP authentication, simple and not need to mess with XML and have only a single Jar in my classpath without relying on my aplication server or something.<div><div><br></div><div>In short, KC can be very good at it, but for those who already have something done and solid in the PL, it is impossible to migrate.</div></div><div><br></div><div>Until someone says I can use the KC to do this [1] with the same effort that I have with the PL, I will continue thinking that the framework should receive attention again.<br></div><div><br></div><div>[1] <a href="https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-form-with-jsf">https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-form-with-jsf</a></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><b>Arthur P. Gregório</b><br><i>+55 45 9958-0302</i><br>@gregorioarthur<br><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br></div></div>
<br><div class="gmail_quote">2015-11-24 5:46 GMT-02:00 Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>Keycloak now supports SAML SP
      implementation, which doesn&#39;t require KC server. It can talk to
      any other SAML Idp. The docs is here
      <a href="http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html" target="_blank">http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html</a>
      . For the future, we will mainly focus on improve/maintain the
      Keycloak SAML SP rather than Picketlink.<br>
      <br>
      Also there is no need to fork the Picketlink project to your own,
      you can still propose and send PR to Picketlink . This will allow
      that more people from the community can suffer from your work.<span class="HOEnZb"><font color="#888888"><br>
      <br>
      Marek</font></span><div><div class="h5"><br>
      <br>
      <br>
      On 23/11/15 23:40, larry mccay wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">This is a disappointing situation.
        <div>PL should have been continued and then consumed by KC.</div>
        <div>I will not be pulling in KC in its entirely in order to do
          SAML SP implementations - we will need to move to something
          else.</div>
        <div><br>
        </div>
        <div>I suggest that a PL module be published from KC that has
          minimal dependencies.</div>
        <div>You can migrate the PL functionality to KC this way but not
          force all of the new dependencies on consumers.</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Nov 23, 2015 at 11:19 AM,
          Arthur Gregório <span dir="ltr">&lt;<a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">I see this post, and i know what KC do.. 
              <div><br>
              </div>
              <div>
                <div>What I mean is that I do not need all the things
                  that KC does, I want simple with the something like
                  PL.</div>
                <div><br>
                </div>
                <div>I posted in a thread about it on the same topic
                  &quot;continuity of PL&quot; on the dev list of KC and the same
                  answer was given.</div>
                <div><br>
                </div>
                <div>PL is such a cool framework, I refuse to believe
                  that only I use it or only I noticed this deep sleep
                  that the project came...</div>
                <div><br>
                </div>
                <div>Finally, the fact is that PL is like Spring
                  Security, a swatter convenient and fast flies. KC is
                  already like a cannon, large and meaningless to the
                  context of solving a simple problem like killing a
                  single mosquito.</div>
                <div><br>
                </div>
                <div>But if so, the business is to make a project fork
                  and working on my own version.</div>
              </div>
              <div><br>
              </div>
              <div>at.,</div>
            </div>
            <div class="gmail_extra"><span><br clear="all">
                <div>
                  <div><b>Arthur P. Gregório</b><br>
                    <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45
                        9958-0302</a></i><br>
                    @gregorioarthur<br>
                    <a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
                  </div>
                </div>
                <br>
              </span>
              <div>
                <div>
                  <div class="gmail_quote">2015-11-23 13:07 GMT-02:00
                    Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank"></a><a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span>:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">Please take a look at <a href="http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/" target="_blank"></a><a href="http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/" target="_blank">http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/</a>
                        <div><br>
                        </div>
                        <div>I think this post answers your question.</div>
                      </div>
                      <div>
                        <div><br>
                          <div class="gmail_quote">
                            <div dir="ltr">On Mon, Nov 23, 2015 at 1:05
                              PM Stephen Agneta &lt;<a href="mailto:sagneta@gmail.com" target="_blank"></a><a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>&gt;
                              wrote:<br>
                            </div>
                            <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                              <div dir="ltr">
                                <div>I&#39;ll share what I know with you in
                                  the hopes that it will help somehow. </div>
                                <div><br>
                                </div>
                                Well KC (keycloak) is a super-set of the
                                PL (PicketLink) functionality thus in
                                theory it ought to work fine once it is
                                ready and once some sort of migration
                                path is known. You may not wish to move
                                to KC due to the additional
                                functionality which may be off-putting
                                for lite applications but KC will
                                perform everything PL did and more and
                                will do so in VM memory if you so
                                choose. 
                                <div><br>
                                </div>
                                <div>Essentially KC is a real federated
                                  authentication and authorization
                                  service with identity management that
                                  can run standalone or in-VM within a
                                  WildFly cluster. Although a Java
                                  implementation it works with other
                                  systems and languages out of process.
                                  It does integrate with Spring which
                                  may interest you.</div>
                                <div><br>
                                </div>
                                <div>The following link provides
                                  information for Wildfly 9 clustered
                                  installation:</div>
                                <div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install</a><br>
                                </div>
                                <div><br>
                                </div>
                                <div>Thus you should be able to have
                                  your authorization demands met _in VM_
                                  as opposed to over-the-wire for
                                  performance reasons if necessary.</div>
                                <div><br>
                                </div>
                                <div>IMOP I think the KC project is the
                                  right move. They are fixing the big
                                  issue which is the lack of an
                                  opensource Federated Identity
                                  Management System. They also fixed
                                  little things such as Composite Roles
                                  which are missing from PL.</div>
                                <div><br>
                                </div>
                                <div> I merely disliked the abrupt
                                  change-over. I also can&#39;t move to
                                  keycloak until I have more of an idea
                                  how the migration would work. </div>
                                <div>For example, how different is the
                                  default KC relational schema from the
                                  default basic PL schema:</div>
                                <div><br>
                                </div>
                                <div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136</a><br>
                                </div>
                                <div><br>
                                </div>
                                <div>It is also not clear if keycloak
                                  has a CDI demand system ready like
                                  PicketLink. They only hint at it. <span style="line-height:1.5"> Also it
                                    runs in-cluster on Wildfly 9 and I
                                    am on 8. Nothing huge but issues
                                    that will need to be addressed. </span></div>
                                <div><span style="line-height:1.5"><br>
                                  </span></div>
                                <div>Hope that helps. </div>
                                <div><span style="line-height:1.5"><br>
                                  </span></div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                              </div>
                              <br>
                              <div class="gmail_quote">
                                <div dir="ltr">On Mon, Nov 23, 2015 at
                                  8:54 AM Arthur Gregório &lt;<a href="mailto:arthurshakal@gmail.com" target="_blank"></a><a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>&gt;
                                  wrote:<br>
                                </div>
                                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                  <div dir="ltr">
                                    <div>And KC does not have the same
                                      purpose as the PL.</div>
                                    <div><br>
                                    </div>
                                    <div>In short, I have no reason to
                                      migrate from one to the other, I
                                      use PL or go back to Spring
                                      Security.</div>
                                    <div><br>
                                    </div>
                                    <div>But it seems that there has not
                                      been any development in PL, at
                                      least in recent months, in short,
                                      it seems that the project is dying
                                      and all that were used for its own
                                      account.</div>
                                    <div><br>
                                    </div>
                                    <div>And with bugs like this <a href="https://developer.jboss.org/thread/266387" target="_blank"></a><a href="https://developer.jboss.org/thread/266387" target="_blank">https://developer.jboss.org/thread/266387</a>,
                                      it&#39;s not cool to let the project
                                      stalled...<br>
                                    </div>
                                    <div><br>
                                    </div>
                                  </div>
                                  <div class="gmail_extra"><br clear="all">
                                    <div>
                                      <div><b>Arthur P. Gregório</b><br>
                                        <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45
                                            9958-0302</a></i><br>
                                        @gregorioarthur<br>
                                        <a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
                                      </div>
                                    </div>
                                    <br>
                                  </div>
                                  <div class="gmail_extra">
                                    <div class="gmail_quote">2015-11-23
                                      11:47 GMT-02:00 Stephen Agneta <span dir="ltr">&lt;<a href="mailto:sagneta@gmail.com" target="_blank"></a><a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>&gt;</span>:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                        <div dir="ltr"><br>
                                          <div>It certainly appears that
                                            everything has moved to
                                            key-cloak but I am unsure
                                            that keycloak is ready to
                                            take the burden of current
                                            Picketlink implementations.
                                            Nor am I sure how the
                                            migration process would
                                            occur. The abruptness of the
                                            change is a bit
                                            disconcerting. Having said
                                            that Picketlink is working
                                            fine save for one defect
                                            that which I requested that
                                            is on the git HEAD but not
                                            in any particular release. </div>
                                          <div><br>
                                          </div>
                                          <div><br>
                                          </div>
                                          <div><br>
                                          </div>
                                        </div>
                                        <br>
                                        <div class="gmail_quote">
                                          <div>
                                            <div>
                                              <div dir="ltr">On Mon, Nov
                                                23, 2015 at 8:43 AM
                                                Arthur Gregório &lt;<a href="mailto:arthurshakal@gmail.com" target="_blank"></a><a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>&gt;
                                                wrote:<br>
                                              </div>
                                            </div>
                                          </div>
                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                            <div>
                                              <div>
                                                <div dir="ltr">
                                                  <div>Picketlink is
                                                    dead? </div>
                                                  <div><br>
                                                  </div>
                                                  <div>The last commit
                                                    in the project repo
                                                    was in 9 july.. </div>
                                                  <div><br>
                                                  </div>
                                                  <div>Is there a
                                                    schedule for the new
                                                    version or something
                                                    like that?<br>
                                                  </div>
                                                  <div><br>
                                                  </div>
                                                  <div>at.,</div>
                                                  <br clear="all">
                                                  <div>
                                                    <div><b>Arthur P.
                                                        Gregório</b><br>
                                                      <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55
                                                          45 9958-0302</a></i><br>
                                                      @gregorioarthur<br>
                                                      <a href="http://www.arthurgregorio.eti.br" target="_blank"></a><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
_______________________________________________<br>
                                            security-dev mailing list<br>
                                            <a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
                                            <a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></blockquote>
                                        </div>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                </blockquote>
                              </div>
_______________________________________________<br>
                              security-dev mailing list<br>
                              <a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
                              <a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></blockquote>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            security-dev mailing list<br>
            <a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
            <a href="https://lists.jboss.org/mailman/listinfo/security-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a><br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
security-dev mailing list
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></pre>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>