Hello,
I just wanted to let this mailing list know that for the Cloudtrust project
(
https://github.com/cloudtrust), we have developed a certain number modules for Keycloak.
These are currently compatible with the version 3.4.3.Final of Keycloak, but we will make
them compatible with Keycloak 4.X (where X will be the latest sub-version of Keycloak when
we start working on this) as soon as we can. These modules are:
* keycloak-wsfed (
https://github.com/cloudtrust/keycloak-wsfed): an implementation of the
WS-Federation protocol for keycloak. This allows to select the WS-Federation protocol for
Keycloak clients and for identity brokers.
* keycloak-authorization (
https://github.com/cloudtrust/keycloak-authorization): this
module allows the use of the client authorization system to prevent a user which is
authenticated in a Keycloak realm to access a given client. It works no matter which
protocol is used, and without the client having to support any extra protocol. Note: this
solution is a bit hacky, but necessary for one of our use-cases.
* keycloak-client-mappers (
https://github.com/cloudtrust/keycloak-client-mappers): a
module for adding any mappers that we might need that are not yet part of Keycloak.
Currently only contains a JavaScript mapper for SAML, analogous to the OIDC script mapper.
I've noticed that there's an open issue for this feature
(
https://issues.jboss.org/browse/KEYCLOAK-5520). If desirable I could submit this code not
as a module but a solution to the issue.
* keycloak-export (
https://github.com/cloudtrust/keycloak-export): a module adding an
endpoint to fully export a realm while Keycloak is still running (no need for restarts!).
Cheers,
Alistair
PS: I'm mailing this both dev and user mailing lists as I believe it may interest
members of both mailing lists