[keycloak-dev] Remaining work for beta-4

Outstanding work for beta-4: * User federation - what's the status? * Require SSL by default - see previous email, I think we should add this for beta-4 * Access token validation endpoint (KEYCLOAK-585) * Rename AuditListener/Provider to EventListener/Provider (KEYCLOAK-586, KEYCLOAK-587) - should we do this? * Support HttpServletRequest.authenticate() (KEYCLOAK-575) - should be simple enough? * Turn off cookie cache for all http clients (KEYCLOAK-537) - not sure I understand this issue? isn't sticky sessions something that's configured by the load balancer? * RealmModel should have a link to realm admin app (KEYCLOAK-486) - I don't think the admin console should refer to the app by name, instead it should either have a link or at least the id of the app associated with the realm * Issue with deploying on AS7 (KEYCLOAK-572) - should be fixed with new PL release, but do we really care about supporting AS7? Issues I propose we push to beta-5: * LDAP sync - should this go into beta-5? or even wait until after final? * Stress tests (KEYCLOAK-514) - we still haven't tested with a large amount of users * DB optimizations (KEYCLOAK-515) - maybe push this to after final? * "Transaction not active" while performing a shutdown (KEYCLOAK-470) - I can't replicate this, do we close or just set to no fix version? * Login with totp includes password in clear text (KEYCLOAK-576) - afaik it's not good to include the password in plain-text in the html set to the client, which we do atm Anything else? As a reminder, I'm on PTO next week and Marek is on PTO tomorrow.