So after I actually put the slide together I realized I'd never be able to put this much information on one slide.  So I tried to distill it down to really key points:

https://s3.amazonaws.com/ts-public-downloads/random/Slide11.png

Let me know what you think.  Again, I appreciate the feedback.

Thanks

Marc Boorshtein
CTO Tremolo Security
marc.boorshtein@tremolosecurity.com
(703) 828-4902

On Wed, Feb 24, 2016 at 12:22 PM, Marc Boorshtein <marc.boorshtein@tremolosecurity.com> wrote:
Thanks Bill.  I'm envisioning a slide with 3 columns (one for OpenUnison, one for KC and one where there's overlap) so I'm going to try and keep it brief but will certainly talk to anything I don't write down.

Here's what I'm thinking for each column including your comments:

OpenUnison
Authentication
* Kerberos
* Certificate
* Banner
* Username Only
* OTP over SMS
* OTP over Email
* Symantec VIP
* JIT Provisioning
* Authentication Levels

User Data Sources
* Integrated Virtual Directory

Role Management
* Workflow based approvals
* Multi stage approvals
* Escalations

Application Integration
* Reverse Proxy with LastMile (J2EE/Apache/.NET)
* Reverse Proxy with SAML Login
* Reverse Proxy with Kerberos Constrained Delegation

UI Pages
* Generic JSP


Common
Authentication
* OIDC
* SAML2
* Social
* TOTP
* IdP "Broker" for both SAML2 and OIDC
* Login Chain / Flow
* Custom Interface

User Data Stores
* LDAP
* DB
* AD
* Custom
* Password reset
* Profile Updates

Role Management
* Map to multiple data sources
* Web services integration

Application Integration
* SAML2
* OIDC/OAuth2
* Reverse Proxy with header injection


Keycloak
Authentication
* OIDC
* Social
* TOTP
* User session management

User Data Sources
* Integrated SPI

Role Management
* Local database
* Mapped to external data source

Application Integration
* OIDC/OAuth2
* REST Web Services


UI Pages
* Themed
* Internationalization/Localization

Anything you would like changed or mentioned?

Thanks


Marc Boorshtein
CTO Tremolo Security

On Wed, Feb 24, 2016 at 11:22 AM, Bill Burke <bburke@redhat.com> wrote:
Much more:
- IDP brokering (Keycloak can be a child IDP to a parent IDP)
- reset credentials
- registration (with or without recaptcha)
- required actions (verify email, update credentials, update profile)
- User session management

Custom SPIs to create/augment:
- browser login flow
- reset credential flow
- registration
- REST validation
- service accounts

With this SPI you can add custom authentication types, perform workflow actions, etc...

User self-help:
- Account management for logged in users.

Internationalization/Localization:
- Basically all UIs (admin console, login,

On 2/24/2016 8:20 AM, Marc Boorshtein wrote:
All,

I'm going to be presenting OpenUnison at an OpenShift briefing tomorrow and have been asked to include a slide on how OpenUnison and Keycloak relate to each other.  Based on getting Keycloak running and looking at the website and following the list I'm planning on breaking down KC's features as such:

Authentication
* OIDC
* SAML2
* Social
* TOTP
* IdP "Proxy" for both SAML2 and OIDC

User Data Sources
* LDAP
* AD
* Custom

Role Management
* Local database
* Mapped to external data source

Application Integration
* SAML2
* OIDC/OAuth2
* Reverse Proxy with header injection

UI Pages
* Themed

I want to make sure this is accurate, so I'd appreciate any feedback that you have.

Thanks

Marc Boorshtein
CTO Tremolo Security



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
