On 16.12.2014 13:37, Stian Thorgersen wrote:
----- Original Message -----
> From: "Pedro Igor Silva" <psilva(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
> Sent: Tuesday, 16 December, 2014 1:25:50 PM
> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final
>
> Btw, regarding SAML brokering. I'm trying to focus on KC integration with a
> PL SAML IdP. I think that will help people (customers and community) already
> using PL to adopt KC without forcing them to drop existing infrastructure
> and investments. And that will also help them to think about a migration
> plan.
Makes sense. We should also provide a migration path for the stored users. If we moved to
PL IDM that'd be easy, but not sure that'll happen straight away. Maybe we could
provide a PL IDM user federation provider?
Well, we defacto already have it :) Our
LDAPFederationProvider is using
Picketlink IDM API to bridge between keycloak model and
org.picketlink.idm.model.basic.User . There is no direct interaction
with LDAP, but everything goes through PL IDM API.
In early stage when we discussed ldap integration and using PL IDM API
for it, we also discussed that it could be nice if people could provide
different source of PL IDM store. So there is PartitionManagerProvider
interface, which provides access to pl idm PartitionManager. Right now
we have just one implementation LDAPPartitionManagerProvider, which
returns picketlink PartitionManager configured to use LDAP store based
on ldap configuration provided by keycloak admin console.
So theoretically only thing, which people need to do is to provide their
own PartitionManagerProvider when they can configure PL IDM stores
according to their environment. And this PartitionManagerProvider would
need to be configured in keycloak-server.json, so it has precedence over
the default LDAP based impl. Only condition is that their users should
be retrievable with usage of org.picketlink.idm.model.basic.User from PL
IDM Basic model.
Marek
> ----- Original Message -----
> From: "Pedro Igor Silva" <psilva(a)redhat.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
> Sent: Tuesday, December 16, 2014 10:15:40 AM
> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final
>
> ----- Original Message -----
>> From: "Stian Thorgersen" <stian(a)redhat.com>
>> To: "Pedro Igor Silva" <psilva(a)redhat.com>
>> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
>> Sent: Tuesday, December 16, 2014 9:46:04 AM
>> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final
>>
>>
>>
>> ----- Original Message -----
>>> From: "Pedro Igor Silva" <psilva(a)redhat.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
>>> Sent: Tuesday, 16 December, 2014 12:38:35 PM
>>> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final
>>>
>>> Stian,
>>>
>>> Regarding my tasks, I will be more dedicated to KC once I decrease my
>>> PL
>>> backlog a bit. This week is becoming very productive and will help me
>>> to
>>> plan my work load with more focus on my KC tasks.
>>>
>> Great, I was hoping that'd be the case :)
>>
>>> Release date for 1.1.0.Final is 09/Feb/15, right ?
>> No, hopefully around 09/Jan/15. With regards to identity brokering do you
>> think you'll be able to wrap-it up by then or would you need longer?
> In JIRA, 1.1.0.Final is targeted to 09/Feb/15. That is why I asked ...
>
> Regarding the brokering stuff, the missing bits are:
>
> - Remove old social references from code.
> - Review Account page.
> - Add more config options to SAML brokering
> - Upload IdP metadata
> - Signature and Encryption support
> - Http Binding Configuration for AuthnRequests
> - NameID Format configuration for AuthnRequests
> - Automatic redirection when no credential is supported and a single IdP is
> configured/enabled.
> - Test KC brokering.
> - Requires a better OIDC support in KC. We already have some JIRAs for
> that.
>
> There is also the attribute mapping stuff. Which will allow users to resolve
> claims/attributes from trusted IdPs. But to support that, I think we first
> need the custom claim/profiles in place. However, this is not a blocker for
> a first release IMO.
>
> The broker is already doing the job. UI, model, REST endpoints, persistence
> and SPI are fine. We have everything we need to focus only on the functional
> bits.
>
>> For the other OpenID Connect tasks (1.2) we'll just do them in priority
>> order. If you get stuck on PL issues we can push them out, or someone else
>> can help you.
>>
>>> Regards.
>>>
>>> ----- Original Message -----
>>> From: "Stian Thorgersen" <stian(a)redhat.com>
>>> To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
>>> Sent: Tuesday, December 16, 2014 9:13:44 AM
>>> Subject: [keycloak-dev] Remaining work for 1.1.0.Final
>>>
>>> Before we start any new features we should release 1.1.0.Final. Are there
>>> any
>>> outstanding tasks not listed in JIRA:
>>>
>>>
https://issues.jboss.org/issues/?jql=project%20%3D%20KEYCLOAK%20AND%20res...
>>>
>>> There's quite a lot of bugs associated with the release. I'd like us
to
>>> try
>>> to get rid of as many as possible before releasing, so would be great if
>>> everyone can do some bug fixing before starting on features for 1.2.
>>>
>>> Let's aim for a release shortly after we all return in the New Year.
>>>
>>> ----
>>>
>>> Features for 1.2 includes:
>>>
>>> * SAML redirect logout (KEYCLOAK-771, Bill)
>>> * Custom user profiles (KEYCLOAK-311, Bill)
>>> * Kerberos brokering (KEYCLOAK-828, Marek)
>>> * LDAP enhancement (KEYCLOAK-886, Marek)
>>> * OpenID Connect Interop Testing (KEYCLOAK-524, Pedro)
>>> * OpenID Connect Discovery (KEYCLOAK-571, Pedro)
>>> * OpenID Connect Dynamic Registration (KEYCLOAK-684, Pedro)
>>> * OpenID Connect Session Management - review and finish missing parts
>>> (KEYCLOAK-451, Pedro)
>>> * Fabric8 integration (Stian)
>>>
>>> ----
>>>
>>> I've started creating JIRA's for tasks we defined at the F2F and
I'll
>>> also
>>> create agile boards (or use labels) to make it easy to identify
>>> categories
>>> of tasks. Main plan is to make it easy for us to pull out for example all
>>> tasks related to EAP, IDM, etc.
>>>
>>> I've also dropped the 1.x version. All tasks should now be scheduled for
>>> current version, the next version or not have a version associated with
>>> it.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev