Why BearerTokenLoginModule?
by Bill Burke
What is the purpose of this? We have adapters to do this kind of stuff.
A LoginModule doesn't remove the need for an adapter as you still need
to extract and propagate the token in the protocol layer. I've already
been down this road and it is a dead end.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 5 months
SAML IDP defaults
by Bill Burke
I think there is too many configuration options for Keycloak SAML IDP
support. Don't you think it is safe to require that
1) IDP always signs SAML documents
2) Require SP to also always sign documents
#1 should definitely be a default and unchangable. Can't the SP just
ignore it anyways? Not sure about #2.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 5 months
Certificate on realm
by Stian Thorgersen
What's the purpose of the x509 certificate on the RealmModel and in admin console? I can't find any usage of it in the code.
9 years, 5 months
Keycloak 1.1.0.Beta1 Released
by Stian Thorgersen
Keycloak already supports OpenID Connect, but with this release we're also introducing support for SAML 2.0.
We've also significantly improved our clustering support, for the server and application adapters. The server can now be configured to use an invalidation cache for realm meta-data and user profiles, while user-sessions can be stored in a distributed cache allowing for both increased scalability and availability. Application adapters can be configured for either sticky-session or stateless if sticky-sessions are not available. We've also added support for nodes to dynamically register with Keycloak to receive for example logout notifications.
Thanks to Juraci Paixão Kröhling we now have multi-tenancy support in application adapters. His contribution makes it easy to use more than one realm for a single application. It's up to you to decide which realm is used for a request, but this could for example be depending on domain name or context-path. For anyone interested in this feature there's a simple example that shows how to get started.
A while back Davide Ungari contributed a Tomcat 7 application adapter for Keycloak, but we haven't had time to document, test and make it a supported adapter until now.
The next release of Keycloak should see the introduction of more application adapters, with support for JBoss BRMS, JBoss Fuse, UberFire, Hawt.io and Jetty.
For a complete list of all features and fixes for this release check out JIRA (https://issues.jboss.org/issues/?jql=project%20%3D%20KEYCLOAK%20AND%20fix...).
I'd like to especially thank all external contributors, please keep contributing! For everyone wanting to contribute Keycloak don't hesitate, it's easy to get started and we're here to help if you need any pointers.
9 years, 5 months