Mongo model project seems to have picketlink dependencies: org.picketlink.common These need to be isolated and removed as a dependency. Since we may be introducing Keycloak into EAP (via Aerogear) we want to be sure we can remove any version conflicting picketlink dependencies. So, anything picketlink related has to be behind a plugglable and removable SPI.

AeroGear will use a stripped-down version of Keycloak WAR, without mongo, ldap, social, etc. so this won't be an issue for them, but I agree that we should remove this dependency from the Mongo model though. I don't see a problem with us using the latest version of PicketLink as long as only authentication-picketlink depends on it. ----- Original Message ----- > From: "Marek Posolda" <mposolda(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Tuesday, 29 April, 2014 10:59:23 PM > Subject: Re: [keycloak-dev] isolate picketlink dependency please > > Mongo model is using just some helper reflection classes from > org.picketlink.common. It should be easy to fork some functionality and > completely remove dependency on org.picketlink.common from mongo model. > > However picketlink is also used for Ldap integration and here it's more > complicated... > > So what exactly is the requirement for picketlink integration? Am I > understand correctly that all picketlink dependencies must be removed > from auth-server.war/WEB-INF/lib/ and added as deps to > auth-server.war/WEB-INF/jboss-deployment-structure.xml instead? > > If I understand correctly, this means that Keycloak must use same > Picketlink version, which is bundled with EAP. Do you know what is our > target EAP version and which version of Picketlink is in it? > > Today I've upgraded Keycloak to newly released Picketlink 2.6.0.CR2, > which contains some nice LDAP improvements and fixes (like support for > RHDS and connection pooling). So it seems that I will need to revert > this and use some older picketlink version bundled in EAP instead:-( > > Marek > > On 29.4.2014 18:15, Bill Burke wrote: >> Mongo model project seems to have picketlink dependencies: >> >> org.picketlink.common >> >> These need to be isolated and removed as a dependency. Since we may be >> introducing Keycloak into EAP (via Aerogear) we want to be sure we can >> remove any version conflicting picketlink dependencies. So, anything >> picketlink related has to be behind a plugglable and removable SPI. > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >

It may be in the future, if we want to support all/most features on EAP, but I don't think we do now. Bill: wdyt? ----- Original Message ----- > From: "Marek Posolda" <mposolda(a)redhat.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 30 April, 2014 9:30:14 AM > Subject: Re: [keycloak-dev] isolate picketlink dependency please > > Ok, I will remove the dependency from the mongo model, that's an easy > part though. > > So the fact that we actually bundle latest picketlink jars inside > Keycloak WAR in auth-server.war/WEB-INF/lib/ is not an issue? > > Marek > > On 30.4.2014 09:43, Stian Thorgersen wrote: >> AeroGear will use a stripped-down version of Keycloak WAR, without mongo, >> ldap, social, etc. so this won't be an issue for them, but I agree that we >> should remove this dependency from the Mongo model though. >> >> I don't see a problem with us using the latest version of PicketLink as >> long as only authentication-picketlink depends on it. >> >> ----- Original Message ----- >>> From: "Marek Posolda" <mposolda(a)redhat.com&gt; >>> To: keycloak-dev(a)lists.jboss.org >>> Sent: Tuesday, 29 April, 2014 10:59:23 PM >>> Subject: Re: [keycloak-dev] isolate picketlink dependency please >>> >>> Mongo model is using just some helper reflection classes from >>> org.picketlink.common. It should be easy to fork some functionality and >>> completely remove dependency on org.picketlink.common from mongo model. >>> >>> However picketlink is also used for Ldap integration and here it's more >>> complicated... >>> >>> So what exactly is the requirement for picketlink integration? Am I >>> understand correctly that all picketlink dependencies must be removed >>> from auth-server.war/WEB-INF/lib/ and added as deps to >>> auth-server.war/WEB-INF/jboss-deployment-structure.xml instead? >>> >>> If I understand correctly, this means that Keycloak must use same >>> Picketlink version, which is bundled with EAP. Do you know what is our >>> target EAP version and which version of Picketlink is in it? >>> >>> Today I've upgraded Keycloak to newly released Picketlink 2.6.0.CR2, >>> which contains some nice LDAP improvements and fixes (like support for >>> RHDS and connection pooling). So it seems that I will need to revert >>> this and use some older picketlink version bundled in EAP instead:-( >>> >>> Marek >>> >>> On 29.4.2014 18:15, Bill Burke wrote: >>>> Mongo model project seems to have picketlink dependencies: >>>> >>>> org.picketlink.common >>>> >>>> These need to be isolated and removed as a dependency. Since we may be >>>> introducing Keycloak into EAP (via Aerogear) we want to be sure we can >>>> remove any version conflicting picketlink dependencies. So, anything >>>> picketlink related has to be behind a plugglable and removable SPI. >>> _______________________________________________ >>> keycloak-dev mailing list >>> keycloak-dev(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>> > > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 30 April, 2014 2:48:35 PM > Subject: Re: [keycloak-dev] isolate picketlink dependency please > > Primary Keycloak code should not depend on Picketlink. Picketlink > should always be hidden by SPIs. So, if we need to provide LDAP support > on EAP using an older version of Picketlink, then we write a separate > maven module using that older version of Picketlink and plug it in. > > Following me? Yep > Right now, it looks that only the Mongo data model has a PL dependency. > Correct? Yes (except authentication/authentication-picketlink of course)

> On 4/30/2014 4:44 AM, Stian Thorgersen wrote: >> It may be in the future, if we want to support all/most features on EAP, >> but I don't think we do now. >> >> Bill: wdyt? >> >> ----- Original Message ----- >>> From: "Marek Posolda" <mposolda(a)redhat.com&gt; >>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>> Cc: keycloak-dev(a)lists.jboss.org >>> Sent: Wednesday, 30 April, 2014 9:30:14 AM >>> Subject: Re: [keycloak-dev] isolate picketlink dependency please >>> >>> Ok, I will remove the dependency from the mongo model, that's an easy >>> part though. >>> >>> So the fact that we actually bundle latest picketlink jars inside >>> Keycloak WAR in auth-server.war/WEB-INF/lib/ is not an issue? >>> >>> Marek >>> >>> On 30.4.2014 09:43, Stian Thorgersen wrote: >>>> AeroGear will use a stripped-down version of Keycloak WAR, without mongo, >>>> ldap, social, etc. so this won't be an issue for them, but I agree that >>>> we >>>> should remove this dependency from the Mongo model though. >>>> >>>> I don't see a problem with us using the latest version of PicketLink as >>>> long as only authentication-picketlink depends on it. >>>> >>>> ----- Original Message ----- >>>>> From: "Marek Posolda" <mposolda(a)redhat.com&gt; >>>>> To: keycloak-dev(a)lists.jboss.org >>>>> Sent: Tuesday, 29 April, 2014 10:59:23 PM >>>>> Subject: Re: [keycloak-dev] isolate picketlink dependency please >>>>> >>>>> Mongo model is using just some helper reflection classes from >>>>> org.picketlink.common. It should be easy to fork some functionality and >>>>> completely remove dependency on org.picketlink.common from mongo model. >>>>> >>>>> However picketlink is also used for Ldap integration and here it's more >>>>> complicated... >>>>> >>>>> So what exactly is the requirement for picketlink integration? Am I >>>>> understand correctly that all picketlink dependencies must be removed >>>>> from auth-server.war/WEB-INF/lib/ and added as deps to >>>>> auth-server.war/WEB-INF/jboss-deployment-structure.xml instead? >>>>> >>>>> If I understand correctly, this means that Keycloak must use same >>>>> Picketlink version, which is bundled with EAP. Do you know what is our >>>>> target EAP version and which version of Picketlink is in it? >>>>> >>>>> Today I've upgraded Keycloak to newly released Picketlink 2.6.0.CR2, >>>>> which contains some nice LDAP improvements and fixes (like support for >>>>> RHDS and connection pooling). So it seems that I will need to revert >>>>> this and use some older picketlink version bundled in EAP instead:-( >>>>> >>>>> Marek >>>>> >>>>> On 29.4.2014 18:15, Bill Burke wrote: >>>>>> Mongo model project seems to have picketlink dependencies: >>>>>> >>>>>> org.picketlink.common >>>>>> >>>>>> These need to be isolated and removed as a dependency. Since we may be >>>>>> introducing Keycloak into EAP (via Aerogear) we want to be sure we can >>>>>> remove any version conflicting picketlink dependencies. So, anything >>>>>> picketlink related has to be behind a plugglable and removable SPI. >>>>> _______________________________________________ >>>>> keycloak-dev mailing list >>>>> keycloak-dev(a)lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>>> >>> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev