Don't we need to have LDAP as a user store? Won't companies have a user
LDAP store they want to point Keycloak to? If you have an Auth SPI
only, then you'll still need to register the users with Keycloak.
On 3/14/2014 9:12 AM, Stian Thorgersen wrote:
For the first round of LDAP integration we will only focus on
authenticating with LDAP.
This will work by adding an Authentication SPI. It will provide two methods, verify user
password and update user password. We'll have two implementations of this, Keycloak
Model and LDAP (via PicketLink).
It should be possible to configure which Authentication SPI provider is used by a Realm
through the admin console. This will include setting up configuration for the LDAP
server.
Second round (which will have a low priority for beta1, so will most likely be postponed
to after the 1.0.Final) will be to add a Sync SPI. This will support one-way and two-way
syncing of data from an external resource into the Keycloak model. It will support
resources that allow registering listeners for events (for near real-time syncing) as well
as interval-based pulling when this is not possible.
JIRA issue for this is:
https://issues.jboss.org/browse/KEYCLOAK-316
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com