2:26 p.m.
Hello Alistair,
those are IMHO awesome modules thanks for sharing :)
btw. you also have a handy go Keycloak client :)
https://github.com/cloudtrust/keycloak-client
Regarding SAML ScriptMapper (KEYCLOAK-5520) I think it totally makes sense
to integrate that into Keycloak directly.
I was onto writing that myself but then priorities changed..., but your
implementation looks quite good already :)
I'm pretty sure that if you get the tests running inside the Keycloak
test-suite the Keycloak team would be happy to discuss/merge your PR.
Cheers,
Thomas
Am Di., 14. Aug. 2018 um 12:04 Uhr schrieb Doswald Alistair <
alistair.doswald(a)elca.ch>:
Hello,
I just wanted to let this mailing list know that for the Cloudtrust
project (https://github.com/cloudtrust), we have developed a certain
number modules for Keycloak. These are currently compatible with the
version 3.4.3.Final of Keycloak, but we will make them compatible with
Keycloak 4.X (where X will be the latest sub-version of Keycloak when we
start working on this) as soon as we can. These modules are:
* keycloak-wsfed (https://github.com/cloudtrust/keycloak-wsfed): an
implementation of the WS-Federation protocol for keycloak. This allows to
select the WS-Federation protocol for Keycloak clients and for identity
brokers.
* keycloak-authorization (
https://github.com/cloudtrust/keycloak-authorization): this module allows
the use of the client authorization system to prevent a user which is
authenticated in a Keycloak realm to access a given client. It works no
matter which protocol is used, and without the client having to support any
extra protocol. Note: this solution is a bit hacky, but necessary for one
of our use-cases.
* keycloak-client-mappers (
https://github.com/cloudtrust/keycloak-client-mappers): a module for
adding any mappers that we might need that are not yet part of Keycloak.
Currently only contains a JavaScript mapper for SAML, analogous to the OIDC
script mapper. I've noticed that there's an open issue for this feature (
https://issues.jboss.org/browse/KEYCLOAK-5520). If desirable I could
submit this code not as a module but a solution to the issue.
* keycloak-export (https://github.com/cloudtrust/keycloak-export): a
module adding an endpoint to fully export a realm while Keycloak is still
running (no need for restarts!).
Cheers,
Alistair
PS: I mailed this to both dev and user mailing lists as I believe it may
interest members of both mailing lists. However, upon sending to the dev
mailing list the first time it bounced. This is the second attempt.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev