BTW, Picketlink has the possibility to use LDAP and file-based backends, and
we can easily support this possibility if we use XML-based configuration
(http://docs.jboss.org/picketlink/2/latest/reference/html/ch06.html#idm_co...).
I've contributed the XML configuration of IDM to Picketlink, so I can
easily adapt it to Keycloak if you want.
We will just need to upgrade Picketlink from 2.5.0.Beta6 to the newest
2.5.2.Final. I think we need to upgrade anyway to have all the bugfixes
applied. I am aware at least of this quite bad security issue
https://issues.jboss.org/browse/PLINK-258 which is in 2.5.0.Beta6 (I
found this one when inspecting Keycloak Picketlink DB content).
Marek
On 19.9.2013 10:28, Marek Posolda wrote:
On 19.9.2013 03:11, Bill Burke wrote:
> We need to decide what we want to do for M1. Here's my stab at it.
> Let's discuss in email first as much as we can and then have a hangout
> sometime next week to go over it and nail things down.
>
> First and foremost. We have to focus. No new features. No playing
> around. For example: no adding refresh token support. No client-cert
> support. No changes to protocols. No new backends. Let's just use
> Picketlink JDBC. No 'forgot password' using SMS, etc... You get the
> picture.
At this moment, I have a working MongoDB backend and I would like to send
a PR with it by the end of this week. I just need to adapt it to the
latest changes in the RealmModel and UserModel interfaces (added new fields
related to requiredActions and totp).
TBH I don't know why not have it as part of M1? I am not seeing any
disadvantages for people in having the possibility to choose from more
backends. Another thing is that it is easier for people to see or edit
DB content directly in a MongoDB database. Of course it's not as easy as
directly editing an XML/JSON file, but much easier than the Picketlink IDM DB
schema, which is quite complex.
I am seeing just one disadvantage: every change in the model interfaces
needs to be adapted to both backend implementations, but you can always
work around this by implementing stuff just for Picketlink and creating a JIRA
for me to adapt the changes to the MongoDB backend. I can also disable the MongoDB
unit tests by default (ATM I have them enabled by default in my branch).
Marek
> Required:
>
> * Social Broker login with as many providers as possible. Minimally
> Google and Facebook.
> * SSO and SLO (Single Log Out)
> * Password and TOTP login
> * OAuth Client Grant support
> * Example with apps using all of these features
> * Keycloak website setup and finalized
> * Online video walking through a demonstration of features
> * Online video walking through how to configure it
> * JBoss 7.1.x Community and JBoss EAP 6.1 support
>
> Knowing this there are two paths we can take. We can either include an
> Admin UI in M1 or not. IMO, if we do *NOT* have an Admin UI for M1, we
> probably need to not have registration or account management. Here's
> what it might look like:
>
> Option #1: No Input UIs
>
> * A read-only XML/JSON file-based backend. Users must edit this to add
> users, roles, etc...
> * No Admin UI
> * No Registration, forgotten passwords, account management. All these
> require runtime updates to the database.
> * What would we do about social though? As it requires registration?
>
> Work required (time estimates could take shorter or longer depending on
> interruptions):
> * 1-2 man-weeks to do file-based back-end
> * 1-5 days to design the OAuth Grant Pages.
> * 1 day to incorporate Grant pages
> * Do we want fancier demo apps to show SSO and OAuth Grants? If so,
> this is minimum 2 weeks. 1 to get Event Juggler hooked into Keycloak.
> 1+ weeks to create another related SSO application. 1+ more to create
> an OAuth application.
> * 1 week to organize the Website and create demo videos.
> * 1-2 weeks for documentation
> * 1+ weeks to decide and implement how we're going to distribute
> keycloak. Will it be an AS7 and/or EAP distro? A WAR? etc...
>
> So best case scenario is end of October. It would minimally require
> myself and Gabriel. Others would be needed if we want fancier demo apps
> as it is beyond my ability to create a nice looking demo app in a short
> period of time.
>
> Option #2: UIs
>
> This would take a lot more work as we would need to finish up the admin,
> registration, and account management UIs. I'd say Christmas time would
> be a viable M1 release for this. This would require everybody.
>
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev