Re: [keycloak-dev] Can KeyCloack be used without any passwords?

I just realized why there may have been some confusion on the social login and creation of users. Showing the registration form on first social login is optional, but the option to disable has disappeared from the admin console. I've just committed a fix for this. ----- Original Message ----- > From: "Matt Casperson" <mcaspers(a)redhat.com&gt; > To: "Bill Burke" <bburke(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Saturday, 7 December, 2013 8:20:51 PM > Subject: Re: [keycloak-dev] Can KeyCloack be used without any passwords? > > I certainly don't mean to downplay the value of being able to manage > accounts. Being able to assign custom roles that are not reflected in > LDAP/AD is going to be important, and necessary for social logins. And even > though we would prefer not deal with local passwords, being able to support > that feature with a toggle in a UI is a selling point. > > Regards > > Matthew Casperson > RHCE, RHCJA # 111-072-237 > Engineering Content Services > Brisbane, Australia > > > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Saturday, 7 December, 2013 8:54:21 AM > Subject: Re: [keycloak-dev] Can KeyCloack be used without any passwords? > > On 12/6/2013 4:35 PM, Matt Casperson wrote: >> If KeyCloak could give us the ability to defer account and password >> management entirely to social logins or an existing LDAP/AD database >> with something as simple as a toggle in the admin console, it would be a >> huge win. >> > > Keycloak aims to be an SSO solution, not an SSO adapter. > > For non-social deployments, account management is a huge part of what > Keycloak does. Maybe I'm naive in thinking admins will want to use > Keycloak to management accounts though. > > Even for social deployments, there's a lot of account management > involved, i.e. managing oauth grants, registering devices, all things we > want to be able to do. > > > What is stored in LDAP/AD databases usually? user/password/credentials > only? What about permissions/role mappings? Is doing a background sync > to an LDAP/AD database not something people are going to want to do? > Syncing means credentials are copied. > > Bill > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev