On 2/4/2014 12:38 PM, Matthias Wessendorf wrote:
I've added Keycloak AS7 modules to UPS cart but not admin
console. I
believe
that Keycloak is SaaS, so usage with two different carts reflect
reality better.
Configuring Keycloak cart once and let all other carts use is seems
the right
way to me.
there is IMO pros and cons in both ways
Originally, Keycloak was going to be a SaaS. One internet service where
users could register and create their own Realms....But, we decided that
users will probably want to have full control of their security metadata
and not share a database with other users. Less we have to worry about
from a storage security standpoint.
I've never built a cartridge so apologies if I have it wrong, but IMO,
UPS should support bundling its own keycloak server already
preconfigured, or, it should hook into an existing keycloak instance. I
don't know if this would require 2 different cartridges, or if you would
have an online "installation" UI to make these types of decisions.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com