11:25 a.m.
There's a lot of JBoss projects already integrating or looking at using Keycloak:
* AeroGear UPS
* LiveOak
* RTGov
* Hawt.io
* Fabric8
* Fuse
* S-RAMP
* APIMan
* ...
I think now is the time to make sure we can provide the best and consistent experience for
all projects. With that regards there's improvements we can make:
* Embeddable Keycloak - provide a slimmed down profile of Keycloak that can easily be
embedded into existing projects. The big question here is should we support deploying to
other containers than WildFly? I reckon as long as projects support other projects and we
want to be the main auth solution we do. I'd hate to see projects having to provide
alternative mechanisms themselves to continue to support Tomcat for example
* External Keycloak - make it simpler to link a project to an external Keycloak, including
sharing the master realm for SSO to all consoles
* Configuration - for both embeddable and external we need to make it easier for projects
to bootstrap and update application configuration (for example if hostname changes)
* Unified console - we need to align better with PatternFly and RCUE. We should also
provide a mechanism for linking between consoles
7:25 a.m.
On 8.1.2015 11:25, Stian Thorgersen wrote:
There's a lot of JBoss projects already integrating or looking at
using Keycloak:
* AeroGear UPS
* LiveOak
* RTGov
* Hawt.io
* Fabric8
* Fuse
* S-RAMP
* APIMan
* ...
I think now is the time to make sure we can provide the best and consistent experience
for all projects. With that regards there's improvements we can make:
* Embeddable Keycloak - provide a slimmed down profile of Keycloak that can easily be
embedded into existing projects. The big question here is should we support deploying to
other containers than WildFly? I reckon as long as projects support other projects and we
want to be the main auth solution we do. I'd hate to see projects having to provide
alternative mechanisms themselves to continue to support Tomcat for example
+1
I think that at least some basic support of auth-server on other
containers would be good. For example, if I am site administrator with
my applications running on Jetty in production, then I would look for
SSO/OIDC solution, which would run on Jetty too. Having my apps on Jetty
and auth-server on separate WF/EAP6 is overkill. Many tomcat/jetty/etc.
based deployments would go for different sso than keycloak due to this imo.
Maybe it could be really some slimmed down solution, which won't support
all the features (like CLI for example). As long as it allows add/remove
providers and themes and configure them through keycloak-server.json, it
should be ok imo.
As first thing, it seems that we may need osgi bundling of auth-server
running on jetty server on fuse/karaf. Currently hawtio and fuse
integration always requires external keycloak, which is a bit
limiting... It's something I can look into in near future (likely after
finish kerberos and other features with bigger priority).
Marek
* External Keycloak - make it simpler to link a project to an
external Keycloak, including sharing the master realm for SSO to all consoles
* Configuration - for both embeddable and external we need to make it easier for projects
to bootstrap and update application configuration (for example if hostname changes)
* Unified console - we need to align better with PatternFly and RCUE. We should also
provide a mechanism for linking between consoles
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
3672
days inactive
3673
days old
1 comments
2 participants
participants (2)
-
Marek Posolda -
Stian Thorgersen