I think that would satisfy my requirements - but not sure until I see that bridge along
with the Identity broker functionality in the next beta release - eagerly waiting for it.
From: Bill Burke <bburke(a)redhat.com>
To: keycloak-user(a)lists.jboss.org
Sent: Friday, February 6, 2015 10:21 AM
Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
Keycloak won't be a kerberos server any time soon, if ever. We are
creating a SAML/OIDC to kerberos bridge though.
On 1/30/2015 10:52 AM, Raghu Prabhala wrote:
Unfortunately yes. Kerberos is deeply ingrained in most of internal
applications/processes. While we can ask any new applications to use certificates, we have
to support Kerberos.
If that is not something that you will support, probably identity brokering would help. I
can write a Kerberos broker as long as it is given control ( need http request)
immediately by Keycloak, perhaps I can handle both authentication with key tabs (for
system accts) as well as SPNEGO for users
Sent from my iPhone
> On Jan 30, 2015, at 9:01 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
>
>
>
> ----- Original Message -----
>> From: "Raghu Prabhala" <prabhalar(a)yahoo.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>,
"keycloak-user" <keycloak-user(a)lists.jboss.org>
>> Sent: Friday, 30 January, 2015 2:44:14 PM
>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>
>> Great. Looking forward to the 1.2 Beta version.
>> Regarding the system account support, from my perspective, it is very
>> important because we have thousands of applications that interact with each
>> other using system accounts (authentication with Kerberos with keytabs) and
>> till we have that functionality, we will not be able to consider Keycloak as
>> a SSO solution even though it is coming out to be a good product. The sooner
>> we have it, the better. Hopefully, even other users will pitch in to request
>> that functionality so that you can bump it up in your priority list.
>> Thanks once again.Raghu
>
> For your use-case would it have to be Kerberos? Only options we've been
considering are certificates and jwt/jws.
>
>> From: Stian Thorgersen <stian(a)redhat.com>
>> To: Raghu Prabhala <prabhalar(a)yahoo.com>
>> Cc: keycloak dev <keycloak-dev(a)lists.jboss.org>; keycloak-user
>> <keycloak-user(a)lists.jboss.org>
>> Sent: Friday, January 30, 2015 2:10 AM
>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>
>>
>>
>> ----- Original Message -----
>>> From: "Raghu Prabhala" <prabhalar(a)yahoo.com>
>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>> Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>,
"keycloak-user"
>>> <keycloak-user(a)lists.jboss.org>
>>> Sent: Thursday, January 29, 2015 6:44:11 PM
>>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>>
>>> Congrats Keycloak team. A great deal of features in this release - really
>>> like SAML and clustering.
>>>
>>> But what I am really looking for is the next release as we need all the
>>> features you listed -any tentative dates for the beta version?
>>
>> We might do a beta soon, but that'll only include identity brokering. The
>> other features will be at least a month away.
>>
>>>
>>> The functionality provided so far seems to be targeted toward users
>>> accounts.
>>> When can we expect support for System accounts (with diff auth mechanisms
>>> like certificates, Kerberos etc?
>>
>> Some time this year we aim to have system accounts with certificates, it'll
>> depend on priorities. We don't have any plans to support Kerberos
>> authentication with system accounts, but maybe that makes sense to add as
>> well.
>>
>>
>>
>>>
>>> Thanks,
>>> Raghu
>>>
>>> Sent from my iPhone
>>>
>>>> On Jan 29, 2015, at 2:11 AM, Stian Thorgersen <stian(a)redhat.com>
wrote:
>>>>
>>>> The Keycloak team is proud to announce the release of Keycloak
>>>> 1.1.0.Final.
>>>> Highlights in this release includes:
>>>>
>>>> * SAML 2.0
>>>> * Clustering
>>>> * Jetty, Tomcat and Fuse adapters
>>>> * HTTP Security Proxy
>>>> * Automatic migration of db schema
>>>>
>>>> We’re already started working on features for the next release. Some
>>>> exiting features coming soon includes:
>>>>
>>>> * Identity brokering
>>>> * Custom user profiles
>>>> * Kerberos
>>>> * OpenID Connect interop
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org