Re: [keycloak-dev] Remove IDM entirely or keep Picketlink federation provider?

----- Original Message ----- > From: "Marek Posolda" <mposolda(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 8 April, 2015 3:18:40 PM > Subject: [keycloak-dev] Remove IDM entirely or keep Picketlink federation provider? > > Not sure if we already decide about $subject. I am in the middle of > forking LDAP from PLIDM and removing PLIDM dependency. Now I wonder if I > should: > > 1) Remove PLIDM dependency entirely from whole codebase > > 2) Create the module with Picketlink FederationProvider, which won't be > packaged in distribution by default. This can be separate package used > on demand by EAP customers to migrate their PLIDM users into Keycloak > users. This module will be the only place, which will be still dependent > on PLIDM, but since it won't be in distribution by default, we can > remove PLIDM dependency from appliance and war distributions. > > The reason I am asking is, that current LDAPFederationProvider can be > quite easily converted into PicketlinkFederationProvider. But limitation > is, that it will migrate just users. It won't migrate IDM roles into > Keycloak roles.. > > Or should I simply go with (1) and don't care about the migration for now? As 2 can't do roles as well it's not really that useful. Also, since IDM is so flexible I can't see us providing one that works for everyone (if anyone?! at all). So maybe what we should do is to provide an example that users can fork/modify?

> Marek > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >