7:33 a.m.
I’ve done the PR for the extension page (keycloak-authorization and keycloak-export), and
it’s been accepted. For the client-mapper I’ll see what’s necessary to be done to have it
merged directly into Keycloak.
For the mechanism of keycloak-authorization, I for one would like having this
functionality supported OOTB, whether through our (admittedly not very sophisticated)
system, or another. I received a message from Stian Thorgersen on the dev mailing (here:
http://lists.jboss.org/pipermail/keycloak-dev/2018-August/011116.html ) list asking more
details about the module, so I’ll at least be discussing the matter with him.
Cheers,
Alistair
From: Pedro Igor Silva <psilva(a)redhat.com>
Sent: vendredi 10 août 2018 18:52
To: Marek Posolda <mposolda(a)redhat.com>
Cc: Doswald Alistair <alistair.doswald(a)elca.ch>; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Keycloak Modules developed for the Cloudtrust project
Cool stuff ! Thanks for sharing.
I've looked keycloak-authorization very quickly and changes look really simple,
I'm glad to start a discussion about supporting this OOTB. Maybe this can be part of
the review of admin fine-grained permissions we are planning.
Regards.
Pedro Igor
On Fri, Aug 10, 2018 at 9:43 AM, Marek Posolda
<mposolda@redhat.com<mailto:mposolda@redhat.com>> wrote:
Thanks for the heads up!
IMO it will be cool if you send PR for the javascript mapper directly to
Keycloak, however we may need automated test and also docs (separate PR
needs to be sent for the docs).
For the keycloak-authorization and keycloak-export (and maybe for
keycloak-client-mappers too if you don't have time for the PR to
upstream), it may be good to send PR to update the extensions page
maybe? It's here: https://www.keycloak.org/extensions.html and sources
are here:
https://github.com/keycloak/keycloak-web/tree/master/src/main/resources/e...
. Assuming that those things are generally useful for the other users
from the community (I am not 100% sure about the keycloak-authorization.
Rather leaving to you to decide if it's generally useful or not). The
keycloak-wsfed is already on the extensions page.
Thanks!
Marek
On 10/08/18 11:44, Doswald Alistair wrote:
Hello,
I just wanted to let this mailing list know that for the Cloudtrust project
(https://github.com/cloudtrust), we have developed a certain number modules for Keycloak.
These are currently compatible with the version 3.4.3.Final of Keycloak, but we will make
them compatible with Keycloak 4.X (where X will be the latest sub-version of Keycloak when
we start working on this) as soon as we can. These modules are:
* keycloak-wsfed (https://github.com/cloudtrust/keycloak-wsfed): an implementation of the
WS-Federation protocol for keycloak. This allows to select the WS-Federation protocol for
Keycloak clients and for identity brokers.
* keycloak-authorization (https://github.com/cloudtrust/keycloak-authorization): this
module allows the use of the client authorization system to prevent a user which is
authenticated in a Keycloak realm to access a given client. It works no matter which
protocol is used, and without the client having to support any extra protocol. Note: this
solution is a bit hacky, but necessary for one of our use-cases.
* keycloak-client-mappers (https://github.com/cloudtrust/keycloak-client-mappers): a
module for adding any mappers that we might need that are not yet part of Keycloak.
Currently only contains a JavaScript mapper for SAML, analogous to the OIDC script mapper.
I've noticed that there's an open issue for this feature
(https://issues.jboss.org/browse/KEYCLOAK-5520). If desirable I could submit this code not
as a module but a solution to the issue.
* keycloak-export (https://github.com/cloudtrust/keycloak-export): a module adding an
endpoint to fully export a realm while Keycloak is still running (no need for
restarts!).
Cheers,
Alistair
PS: I'm mailing this both dev and user mailing lists as I believe it may interest
members of both mailing lists
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user