Outstanding work for beta-4:
* User federation - what's the status?
* Require SSL by default - see previous email, I think we should add this for beta-4
* Access token validation endpoint (KEYCLOAK-585)
* Rename AuditListener/Provider to EventListener/Provider (KEYCLOAK-586, KEYCLOAK-587) -
should we do this?
* Support HttpServletRequest.authenticate() (KEYCLOAK-575) - should be simple enough?
* Turn off cookie cache for all http clients (KEYCLOAK-537) - not sure I understand this
issue? isn't sticky sessions something that's configured by the load balancer?
* RealmModel should have a link to realm admin app (KEYCLOAK-486) - I don't think the
admin console should refer to the app by name, instead it should either have a link or at
least the id of the app associated with the realm
* Issue with deploying on AS7 (KEYCLOAK-572) - should be fixed with new PL release, but do
we really care about supporting AS7?
Issues I propose we push to beta-5:
* LDAP sync - should this go into beta-5? or even wait until after final?
* Stress tests (KEYCLOAK-514) - we still haven't tested with a large amount of users
* DB optimizations (KEYCLOAK-515) - maybe push this to after final?
* "Transaction not active" while performing a shutdown (KEYCLOAK-470) - I
can't replicate this, do we close or just set to no fix version?
* Login with totp includes password in clear text (KEYCLOAK-576) - afaik it's not good
to include the password in plain-text in the html set to the client, which we do atm
As a reminder, I'm on PTO next week and Marek is on PTO tomorrow.