Re: [keycloak-dev] Remaining work for 1.1.0.Final

From: "Marek Posolda" <mposolda(a)redhat.com&gt; To: "Stian Thorgersen" <stian(a)redhat.com&gt;, "Pedro Igor Silva" <psilva(a)redhat.com&gt; Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; Sent: Tuesday, December 16, 2014 11:42:44 AM Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final On 16.12.2014 13:37, Stian Thorgersen wrote: > > ----- Original Message ----- >> From: "Pedro Igor Silva" <psilva(a)redhat.com&gt; >> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; >> Sent: Tuesday, 16 December, 2014 1:25:50 PM >> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final >> >> Btw, regarding SAML brokering. I'm trying to focus on KC integration with >> a >> PL SAML IdP. I think that will help people (customers and community) >> already >> using PL to adopt KC without forcing them to drop existing infrastructure >> and investments. And that will also help them to think about a migration >> plan. > Makes sense. We should also provide a migration path for the stored users. > If we moved to PL IDM that'd be easy, but not sure that'll happen straight > away. Maybe we could provide a PL IDM user federation provider? Well, we defacto already have it :) Our LDAPFederationProvider is using Picketlink IDM API to bridge between keycloak model and org.picketlink.idm.model.basic.User . There is no direct interaction with LDAP, but everything goes through PL IDM API. In early stage when we discussed ldap integration and using PL IDM API for it, we also discussed that it could be nice if people could provide different source of PL IDM store. So there is PartitionManagerProvider interface, which provides access to pl idm PartitionManager. Right now we have just one implementation LDAPPartitionManagerProvider, which returns picketlink PartitionManager configured to use LDAP store based on ldap configuration provided by keycloak admin console. So theoretically only thing, which people need to do is to provide their own PartitionManagerProvider when they can configure PL IDM stores according to their environment. And this PartitionManagerProvider would need to be configured in keycloak-server.json, so it has precedence over the default LDAP based impl. Only condition is that their users should be retrievable with usage of org.picketlink.idm.model.basic.User from PL IDM Basic model.

Marek > >> ----- Original Message ----- >> From: "Pedro Igor Silva" <psilva(a)redhat.com&gt; >> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; >> Sent: Tuesday, December 16, 2014 10:15:40 AM >> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final >> >> ----- Original Message ----- >>> From: "Stian Thorgersen" <stian(a)redhat.com&gt; >>> To: "Pedro Igor Silva" <psilva(a)redhat.com&gt; >>> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; >>> Sent: Tuesday, December 16, 2014 9:46:04 AM >>> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final >>> >>> >>> >>> ----- Original Message ----- >>>> From: "Pedro Igor Silva" <psilva(a)redhat.com&gt; >>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; >>>> Sent: Tuesday, 16 December, 2014 12:38:35 PM >>>> Subject: Re: [keycloak-dev] Remaining work for 1.1.0.Final >>>> >>>> Stian, >>>> >>>> Regarding my tasks, I will be more dedicated to KC once I decrease >>>> my >>>> PL >>>> backlog a bit. This week is becoming very productive and will help >>>> me >>>> to >>>> plan my work load with more focus on my KC tasks. >>>> >>> Great, I was hoping that'd be the case :) >>> >>>> Release date for 1.1.0.Final is 09/Feb/15, right ? >>> No, hopefully around 09/Jan/15. With regards to identity brokering do you >>> think you'll be able to wrap-it up by then or would you need longer? >> In JIRA, 1.1.0.Final is targeted to 09/Feb/15. That is why I asked ... >> >> Regarding the brokering stuff, the missing bits are: >> >> - Remove old social references from code. >> - Review Account page. >> - Add more config options to SAML brokering >> - Upload IdP metadata >> - Signature and Encryption support >> - Http Binding Configuration for AuthnRequests >> - NameID Format configuration for AuthnRequests >> - Automatic redirection when no credential is supported and a single IdP >> is >> configured/enabled. >> - Test KC brokering. >> - Requires a better OIDC support in KC. We already have some JIRAs for >> that. >> >> There is also the attribute mapping stuff. Which will allow users to >> resolve >> claims/attributes from trusted IdPs. But to support that, I think we first >> need the custom claim/profiles in place. However, this is not a blocker >> for >> a first release IMO. >> >> The broker is already doing the job. UI, model, REST endpoints, >> persistence >> and SPI are fine. We have everything we need to focus only on the >> functional >> bits. >> >>> For the other OpenID Connect tasks (1.2) we'll just do them in priority >>> order. If you get stuck on PL issues we can push them out, or someone >>> else >>> can help you. >>> >>>> Regards. >>>> >>>> ----- Original Message ----- >>>> From: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>> To: "keycloak dev" <keycloak-dev(a)lists.jboss.org&gt; >>>> Sent: Tuesday, December 16, 2014 9:13:44 AM >>>> Subject: [keycloak-dev] Remaining work for 1.1.0.Final >>>> >>>> Before we start any new features we should release 1.1.0.Final. Are >>>> there >>>> any >>>> outstanding tasks not listed in JIRA: >>>> >>>> https://issues.jboss.org/issues/?jql=project%20%3D%20KEYCLOAK%20AND%20res... >>>> >>>> There's quite a lot of bugs associated with the release. I'd like us to >>>> try >>>> to get rid of as many as possible before releasing, so would be great if >>>> everyone can do some bug fixing before starting on features for 1.2. >>>> >>>> Let's aim for a release shortly after we all return in the New Year. >>>> >>>> ---- >>>> >>>> Features for 1.2 includes: >>>> >>>> * SAML redirect logout (KEYCLOAK-771, Bill) >>>> * Custom user profiles (KEYCLOAK-311, Bill) >>>> * Kerberos brokering (KEYCLOAK-828, Marek) >>>> * LDAP enhancement (KEYCLOAK-886, Marek) >>>> * OpenID Connect Interop Testing (KEYCLOAK-524, Pedro) >>>> * OpenID Connect Discovery (KEYCLOAK-571, Pedro) >>>> * OpenID Connect Dynamic Registration (KEYCLOAK-684, Pedro) >>>> * OpenID Connect Session Management - review and finish missing parts >>>> (KEYCLOAK-451, Pedro) >>>> * Fabric8 integration (Stian) >>>> >>>> ---- >>>> >>>> I've started creating JIRA's for tasks we defined at the F2F and I'll >>>> also >>>> create agile boards (or use labels) to make it easy to identify >>>> categories >>>> of tasks. Main plan is to make it easy for us to pull out for example >>>> all >>>> tasks related to EAP, IDM, etc. >>>> >>>> I've also dropped the 1.x version. All tasks should now be scheduled for >>>> current version, the next version or not have a version associated with >>>> it. >>>> _______________________________________________ >>>> keycloak-dev mailing list >>>> keycloak-dev(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev