First iteration is committed. I still have a lot to do.
* AuthenticationProvider currently co-exists with Federation. I will
delete it after the review of FederationProvider.
* UserModel is proxied. Some updates delegated to LDAP. Need to expand.
* Still need to do admin console UI for federation
* Still need to implement search and other queries for LDAP
* Still need to test disjoint credential type storage.

Feedback on unimplemented features for LDAP:
* registration supported switch.
* Importing username and email will be required. Everything else will
be optional. That cool?
* Modes for federation will be: READ_ONLY, SYNCED, and UNSYNCED.
SYNCED will update LDAP on demand. UNSYNCED will store changes locally
and require the user to handle synchronization themselves.
* Going to have an import-attributes on/off switch. A keycloak->ldap
attribute map will be required to be configured. If this switch is off,
UserModel proxy will load attributes on demand.

Questions:
* Is ExternalModelAuthProvider actually a feature requested by users?
I'd like to not have to do this. At least for 1.0.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com