Oh, FYI, BASIC auth problem should be fixed next release (early September).
On 8/21/2015 1:23 PM, Bill Burke wrote:
I won't give somebody what they want if it is the wrong decision.
Its
better to enforce best practices. BASIC Auth is a fine protocol, the
issue is that the remote app gets access to credentials.
On 8/21/2015 1:02 PM, Eric Wittmann wrote:
> I'm not a fan of basic auth either, but ... give the people what they want?
>
> We had to implement a BASIC Authentication Policy in apiman for the same
> reason - lots of people use it and want it still.
>
> On 8/21/2015 11:09 AM, Bill Burke wrote:
>> BTW, I despise our Basic Auth option. One of the points of SAML/OIDC is
>> that the application never has access to user credentials. Using Basic
>> Auth violates that principle....But to each his own...
>>
>> On 8/21/2015 10:03 AM, Bill Burke wrote:
>>>
https://issues.jboss.org/browse/KEYCLOAK-1778
>>>
>>> committing a fix for this in next hour or so. Please elaborate on your
>>> CORS problem though.
>>>
>>> On 8/21/2015 9:56 AM, Bill Burke wrote:
>>>> I'm more interested in the CORS problems. What you want is an easy
>>>> fix.
>>>>
>>>> On 8/21/2015 9:47 AM, Eric Wittmann wrote:
>>>>> Can we get an option that disables the login redirect but still
allows
>>>>> BASIC auth to work?
>>>>>
>>>>> -Eric
>>>>> _______________________________________________
>>>>> keycloak-dev mailing list
>>>>> keycloak-dev(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>
>>>>
>>>
>>