Sure, proxy is the obvious name, but for reasons already mentioned by Bruno
it's not really an option for us.
It comes from the Keycloak team, so it should have the Keycloak name in it.
I agree that doesn't automatically state it's a generic OIDC adapter, but
I'd like to keep our name in there.
From the suggestions so far there are two I like:
* Keycloak Gatekeeper - suggested by Thomas on the poll. I really like this
and it fits nicely with Keycloak. It's also so much cooler than
proxy/standalone/etc.
* Keycloak Standalone Adapter
On Tue, 21 Aug 2018 at 04:27, Fox, Kevin M <Kevin.Fox(a)pnnl.gov> wrote:
Coming from the outside world, I mostly searched for oidc and proxy
as
thats what I needed. I found oauth2_proxy after a little searching, but
have been disappointed in how slow its releases are. Bugs aren't getting
fixed quickly. When I looked at keycloak-proxy initially, I didn't look
closer for a while as i thought is was keycloak specific.
So, something like oidc-proxy might get you more successful hits.
Thanks,
Kevin
________________________________________
From: keycloak-user-bounces(a)lists.jboss.org [
keycloak-user-bounces(a)lists.jboss.org] on behalf of Alex Szczuczko [
aszczucz(a)redhat.com]
Sent: Monday, August 20, 2018 2:04 PM
To: Bruno Oliveira; Hynek Mlnarik
Cc: keycloak-dev; keycloak-user
Subject: Re: [keycloak-user] Keycloak Proxy Rename
In thinking a new name, I tried to look hard at these things:
1. what this software actually does.
2. what makes this software desirable to a user.
3. what "adapter" has meant for keycloak in the past.
I'm not the best person to answer these questions, but here's what I've
dug up:
1. Accepts HTTP requests and talks with Keycloak via OIDC to see if
the client it serves should treat the requests as authenticated
and/or authorized.
2. It avoids the need to install a bit of Keycloak software into the
users' applications.
3. According to the docs[1]: Keycloak client adapters are libraries
that makes it very easy to secure applications and services with
Keycloak ... our adapters easy to use and they require less
boilerplate code than what is typically required by a library.
#1 is what we've been focusing on with names like "proxy". The reasons
such names are dissatisfying is there is nothing unique about sitting in
between two endpoints and doing stuff. So, we need to look at what that
"stuff" means for Keycloak.
#3 in combination with #2 tells us what this "stuff" means for Keycloak.
This new software is clearly not an adapter. Actually, this new software
accomplishes the mission of an adapter better than adapters themselves!
Following that logic, Superadapter is my main proposal for a new name.
Maybe throw in OIDC (oidc-superadapter) if there's ever going to be a
saml-superadapter.
Alternatively, we could focus on the lack of an adapter, with names
based on terms like Adapterless:
- AKI: Adapterless Keycloak Integrator
- KOSA: Keycloak OIDC Sans-Adapter
- AKOS: Adapterless Keycloak OIDC Server
- KOAF: Keycloak OIDC Adapter-Free
- etc...
Alex
[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#what-are-cl...
Quoting Bruno Oliveira (2018-08-20 09:54:42)
> Only to give a brief context for people not aware of it. Keycloak
> Generic Adapter was not well accepted, because the naming is too
> vague. So we have to reopen this discussion and think about a better
> naming.
>
> During our team call today I suggested just "keycloak-adapter", which
> would cover the apps which don't have its own specific adapter
> solution.
>
> That said, maybe we should open a new poll? I just created a new one
> where people can vote/suggest:
>
>
https://poll.ly/#/Lbww4ebG
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user