<div dir="ltr"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span style="font-size:12.8px">The amount of effort on application side is even less than with picketlink. <b><font color="#ff0000">The thing is that you need keycloak server</font></b>. It can be executed either in same JVM ( Wildfly/EAP instance) like your application or on completely different server. </span><br style="font-size:12.8px"></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span style="font-size:12.8px">The best is to start with keycloak documentation and possibly screencasts and try examples.</span></blockquote><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">This is the &quot;problem&quot;. Think about it:</span></div><div><span style="font-size:12.8px"><br></span></div><div><div><span style="font-size:12.8px">I develop an open source system that uses a secure system and, in theory, can run on any application server compatible with JEE7+</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">My &quot;users&quot; will download the war, put it on WF, then still have to make a number of settings on the server to be able to type username and password, login, make control access, create groups, give permission ... Anyway, unnecessary for this scenario.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">What I know is that KC is a more business world, where we have a more robust infrastructure. PL can be used in that case or something heavier integrated with KC.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Well, what I have been saying since I wrote my first e-mail is that one technology does not replace the other, but they can complement each other...</span></div></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">But okay. 
For now, I would just like it if someone could generate versions of PL, snapshots, see and apply PR, make snapshots and publish to the maven, this would be a great help.</span><br></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><b>Arthur P. Gregório</b><br><i>+55 45 9958-0302</i><br>@gregorioarthur<br><a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br></div></div>
<br><div class="gmail_quote">2015-11-25 8:29 GMT-02:00 Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF"><span class="">
    <div>On 24/11/15 11:50, Arthur Gregório
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">I only use JPA/LDAP authentication, simple, with no
        need to mess with XML, and have only a single Jar in my classpath
        without relying on my application server or something.</div>
    </blockquote></span>
    With Keycloak, you also don&#39;t need to mess with any XML. The idea
    is that there is minimal code needed on the application side. All the
    work like authentication, identity management, LDAP integration,
    social integration etc. is done on the Keycloak server. Your application
    just needs to know how to talk to the Keycloak server, so you need to
    add a keycloak.json file with some &quot;adapter configuration&quot;, which
    points out how your application can talk to the Keycloak server (it uses
    OpenID Connect or SAML2 protocols for communication with the server).
    The amount of dependencies on the application side is also quite
    minimal.<span class=""><br>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <div><br>
          </div>
          <div>In short, KC can be very good at it, but for those who
            already have something done and solid in the PL, it is
            impossible to migrate.</div>
        </div>
        <div><br>
        </div>
        <div>Until someone says I can use the KC to do this [1] with the
          same effort that I have with the PL, I will continue thinking
          that the framework should receive attention again.<br>
        </div>
        <div><br>
        </div>
        <div>[1] <a href="https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-form-with-jsf" target="_blank">https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authentication-form-with-jsf</a></div>
      </div>
    </blockquote></span>
    The amount of effort on application side is even less than with
    picketlink. The thing is that you need keycloak server. It can be
    executed either in same JVM ( Wildfly/EAP instance) like your
    application or on completely different server. <br>
    <br>
    The best is to start with keycloak documentation and possibly
    screencasts and try examples.<span class="HOEnZb"><font color="#888888"><br>
    <br>
    Marek</font></span><div><div class="h5"><br>
    <blockquote type="cite">
      <div class="gmail_extra"><br clear="all">
        <div>
          <div><b>Arthur P. Gregório</b><br>
            <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45 9958-0302</a></i><br>
            @gregorioarthur<br>
            <a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
          </div>
        </div>
        <br>
        <div class="gmail_quote">2015-11-24 5:46 GMT-02:00 Marek Posolda
          <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>Keycloak now supports SAML SP implementation, which
                doesn&#39;t require KC server. It can talk to any other SAML
                IdP. The docs are here <a href="http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html" target="_blank">http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html</a>.
                For the future, we will mainly focus on
                improving/maintaining the Keycloak SAML SP rather than
                Picketlink.<br>
                <br>
                Also there is no need to fork the Picketlink project to
                your own, you can still propose and send PR to
                Picketlink. This will allow that more people from the
                community can suffer from your work.<span><font color="#888888"><br>
                    <br>
                    Marek</font></span>
                <div>
                  <div><br>
                    <br>
                    <br>
                    On 23/11/15 23:40, larry mccay wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div>
                  <blockquote type="cite">
                    <div dir="ltr">This is a disappointing situation.
                      <div>PL should have been continued and then
                        consumed by KC.</div>
                      <div>I will not be pulling in KC in its entirety
                        in order to do SAML SP implementations - we will
                        need to move to something else.</div>
                      <div><br>
                      </div>
                      <div>I suggest that a PL module be published from
                        KC that has minimal dependencies.</div>
                      <div>You can migrate the PL functionality to KC
                        this way but not force all of the new
                        dependencies on consumers.</div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Nov 23, 2015 at
                        11:19 AM, Arthur Gregório <span dir="ltr">&lt;<a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div dir="ltr">I see this post, and I know
                            what KC does.. 
                            <div><br>
                            </div>
                            <div>
                              <div>What I mean is that I do not need all
                                the things that KC does, I want something
                                simple like PL.</div>
                              <div><br>
                              </div>
                              <div>I posted in a thread about it on the
                                same topic &quot;continuity of PL&quot; on the dev
                                list of KC and the same answer was
                                given.</div>
                              <div><br>
                              </div>
                              <div>PL is such a cool framework, I refuse
                                to believe that only I use it or only I
                                noticed this deep sleep that the project
                                went into...</div>
                              <div><br>
                              </div>
                              <div>Finally, the fact is that PL is like
                                Spring Security, a swatter, convenient
                                and fast for flies. KC is already like a
                                cannon, large and meaningless to the
                                context of solving a simple problem like
                                killing a single mosquito.</div>
                              <div><br>
                              </div>
                              <div>But if so, the business is to make a
                                project fork and work on my own
                                version.</div>
                            </div>
                            <div><br>
                            </div>
                            <div>at.,</div>
                          </div>
                          <div class="gmail_extra"><span><br clear="all">
                              <div>
                                <div><b>Arthur P. Gregório</b><br>
                                  <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45 9958-0302</a></i><br>
                                  @gregorioarthur<br>
                                  <a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
                                </div>
                              </div>
                              <br>
                            </span>
                            <div>
                              <div>
                                <div class="gmail_quote">2015-11-23
                                  13:07 GMT-02:00 Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span>:<br>
                                  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                    <div dir="ltr">Please take a look
                                      at <a href="http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/" target="_blank">http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/</a>
                                      <div><br>
                                      </div>
                                      <div>I think this post answers
                                        your question.</div>
                                    </div>
                                    <div>
                                      <div><br>
                                        <div class="gmail_quote">
                                          <div dir="ltr">On Mon, Nov 23,
                                            2015 at 1:05 PM Stephen
                                            Agneta &lt;<a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>&gt;

                                            wrote:<br>
                                          </div>
                                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                            <div dir="ltr">
                                              <div>I&#39;ll share what I
                                                know with you in the
                                                hopes that it will help
                                                somehow. </div>
                                              <div><br>
                                              </div>
                                              Well KC (keycloak) is a
                                              super-set of the PL
                                              (PicketLink) functionality
                                              thus in theory it ought to
                                              work fine once it is ready
                                              and once some sort of
                                              migration path is known.
                                              You may not wish to move
                                              to KC due to the
                                              additional functionality
                                              which may be off-putting
                                              for lite applications but
                                              KC will perform everything
                                              PL did and more and will
                                              do so in VM memory if you
                                              so choose. 
                                              <div><br>
                                              </div>
                                              <div>Essentially KC is a
                                                real federated
                                                authentication and
                                                authorization service
                                                with identity management
                                                that can run standalone
                                                or in-VM within a
                                                WildFly cluster.
                                                Although a Java
                                                implementation it works
                                                with other systems and
                                                languages out of
                                                process. It does
                                                integrate with Spring
                                                which may interest you.</div>
                                              <div><br>
                                              </div>
                                              <div>The following link
                                                provides information for
                                                Wildfly 9 clustered
                                                installation:</div>
                                              <div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install</a><br>
                                              </div>
                                              <div><br>
                                              </div>
                                              <div>Thus you should be
                                                able to have your
                                                authorization demands
                                                met _in VM_ as opposed
                                                to over-the-wire for
                                                performance reasons if
                                                necessary.</div>
                                              <div><br>
                                              </div>
                                              <div>IMOP I think the KC
                                                project is the right
                                                move. They are fixing
                                                the big issue which is
                                                the lack of an
                                                opensource Federated
                                                Identity Management
                                                System. They also fixed
                                                little things such as
                                                Composite Roles which
                                                are missing from PL.</div>
                                              <div><br>
                                              </div>
                                              <div> I merely disliked
                                                the abrupt change-over.
                                                I also can&#39;t move to
                                                keycloak until I have
                                                more of an idea how the
                                                migration would work. </div>
                                              <div>For example, how
                                                different is the default
                                                KC relational schema
                                                from the default basic
                                                PL schema:</div>
                                              <div><br>
                                              </div>
                                              <div><a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136</a><br>
                                              </div>
                                              <div><br>
                                              </div>
                                              <div>It is also not clear
                                                if keycloak has a CDI
                                                demand system ready like
                                                PicketLink. They only
                                                hint at it. <span style="line-height:1.5"> Also
                                                  it runs in-cluster on
                                                  Wildfly 9 and I am on
                                                  8. Nothing huge but
                                                  issues that will need
                                                  to be addressed. </span></div>
                                              <div><span style="line-height:1.5"><br>
                                                </span></div>
                                              <div>Hope that helps. </div>
                                              <div><span style="line-height:1.5"><br>
                                                </span></div>
                                            </div>
                                            <br>
                                            <div class="gmail_quote">
                                              <div dir="ltr">On Mon, Nov
                                                23, 2015 at 8:54 AM
                                                Arthur Gregório &lt;<a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>&gt;

                                                wrote:<br>
                                              </div>
                                              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                <div dir="ltr">
                                                  <div>And KC does not
                                                    have the same
                                                    purpose as the PL.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>In short, I have
                                                    no reason to migrate
                                                    from one to the
                                                    other, I use PL or
                                                    go back to Spring
                                                    Security.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>But it seems that
                                                    there has not been
                                                    any development in
                                                    PL, at least in
                                                    recent months, in
                                                    short, it seems that
                                                    the project is dying
                                                    and all that were
                                                    used for its own
                                                    account.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>And with bugs
                                                    like this <a href="https://developer.jboss.org/thread/266387" target="_blank">https://developer.jboss.org/thread/266387</a>,
                                                    it&#39;s not cool to leave
                                                    the project
                                                    stalled...<br>
                                                  </div>
                                                  <div><br>
                                                  </div>
                                                </div>
                                                <div class="gmail_extra"><br clear="all">
                                                  <div>
                                                    <div><b>Arthur P.
                                                        Gregório</b><br>
                                                      <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55
                                                          45 9958-0302</a></i><br>
                                                      @gregorioarthur<br>
                                                      <a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
                                                    </div>
                                                  </div>
                                                  <br>
                                                </div>
                                                <div class="gmail_extra">
                                                  <div class="gmail_quote">2015-11-23

                                                    11:47 GMT-02:00
                                                    Stephen Agneta <span dir="ltr">&lt;<a href="mailto:sagneta@gmail.com" target="_blank">sagneta@gmail.com</a>&gt;</span>:<br>
                                                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                      <div dir="ltr"><br>
                                                        <div>It
                                                          certainly
                                                          appears that
                                                          everything has
                                                          moved to
                                                          Keycloak but
                                                          I am unsure
                                                          that keycloak
                                                          is ready to
                                                          take the
                                                          burden of
                                                          current
                                                          Picketlink
                                                          implementations.
                                                          Nor am I sure
                                                          how the
                                                          migration
                                                          process would
                                                          occur. The
                                                          abruptness of
                                                          the change is
                                                          a bit
                                                          disconcerting.
                                                          Having said
                                                          that
                                                          Picketlink is
                                                          working fine
                                                          save for one
                                                          defect that
                                                          which I
                                                          requested that
                                                          is on the git
                                                          HEAD but not
                                                          in any
                                                          particular
                                                          release. </div>
                                                      </div>
                                                      <br>
                                                      <div class="gmail_quote">
                                                        <div>
                                                          <div>
                                                          <div dir="ltr">On
                                                          Mon, Nov 23,
                                                          2015 at 8:43
                                                          AM Arthur
                                                          Gregório &lt;<a href="mailto:arthurshakal@gmail.com" target="_blank">arthurshakal@gmail.com</a>&gt;

                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                        </div>
                                                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">
                                                          <div>Picketlink
                                                          is dead? </div>
                                                          <div><br>
                                                          </div>
                                                          <div>The last
                                                          commit in the
                                                          project repo
                                                          was on 9
                                                          July.. </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Is there
                                                          a schedule for
                                                          the new
                                                          version or
                                                          something like
                                                          that?<br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>Regards,</div>
                                                          <br clear="all">
                                                          <div>
                                                          <div><b>Arthur P. Gregório</b><br>
                                                          <i><a href="tel:%2B55%2045%209958-0302" value="+554599580302" target="_blank">+55 45 9958-0302</a></i><br>
                                                          @gregorioarthur<br>
                                                          <a href="http://www.arthurgregorio.eti.br" target="_blank">www.arthurgregorio.eti.br</a><br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </div>
_______________________________________________<br>
                                                          security-dev
                                                          mailing list<br>
                                                          <a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a><br>
                                                          <a href="https://lists.jboss.org/mailman/listinfo/security-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a></blockquote>
                                                      </div>
                                                    </blockquote>
                                                  </div>
                                                  <br>
                                                </div>
                                              </blockquote>
                                            </div>
                                            </blockquote>
                                        </div>
                                      </div>
                                    </div>
                                  </blockquote>
                                </div>
                                <br>
                              </div>
                            </div>
                          </div>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>