I certainly don't mean to downplay the value of being able to manage accounts. Being
able to assign custom roles that are not reflected in LDAP/AD is going to be important,
and necessary for social logins. And even though we would prefer not to deal with local
passwords, being able to support that feature with a toggle in a UI is a selling point.
Regards
Matthew Casperson
RHCE, RHCJA # 111-072-237
Engineering Content Services
Brisbane, Australia
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Saturday, 7 December, 2013 8:54:21 AM
Subject: Re: [keycloak-dev] Can KeyCloack be used without any passwords?
On 12/6/2013 4:35 PM, Matt Casperson wrote:
> If KeyCloak could give us the ability to defer account and password
> management entirely to social logins or an existing LDAP/AD database
> with something as simple as a toggle in the admin console, it would be a
> huge win.
Keycloak aims to be an SSO solution, not an SSO adapter.
For non-social deployments, account management is a huge part of what
Keycloak does. Maybe I'm naive in thinking admins will want to use
Keycloak to manage accounts though.
Even for social deployments, there's a lot of account management
involved, i.e. managing oauth grants, registering devices, all things we
want to be able to do.
What is stored in LDAP/AD databases usually? user/password/credentials
only? What about permissions/role mappings? Is doing a background sync
to an LDAP/AD database not something people are going to want to do?
Syncing means credentials are copied.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com