Thanks Bill. I'm envisioning a slide with 3 columns (one for OpenUnison,
one for KC and one where there's overlap) so I'm going to try and keep it
brief but will certainly talk to anything I don't write down.
Here's what I'm thinking for each column including your comments:
OpenUnison
Authentication
* Kerberos
* Certificate
* Banner
* Username Only
* OTP over SMS
* OTP over Email
* Symantec VIP
* JIT Provisioning
* Authentication Levels
User Data Sources
* Integrated Virtual Directory
Role Management
* Workflow based approvals
* Multi stage approvals
* Escalations
Application Integration
* Reverse Proxy with LastMile (
J2EE/Apache/.NET)
* Reverse Proxy with SAML Login
* Reverse Proxy with Kerberos Constrained Delegation
UI Pages
* Generic JSP
Common
Authentication
* OIDC
* SAML2
* Social
* TOTP
* IdP "Broker" for both SAML2 and OIDC
* Login Chain / Flow
* Custom Interface
User Data Stores
* LDAP
* DB
* AD
* Custom
* Password reset
* Profile Updates
Role Management
* Map to multiple data sources
* Web services integration
Application Integration
* SAML2
* OIDC/OAuth2
* Reverse Proxy with header injection
KeyCloak
Authentication
* OIDC
* Social
* TOTP
* User session management
User Data Sources
* Integrated SPI
Role Management
* Local database
* Mapped to external data source
Application Integration
* OIDC/OAuth2
* REST Web Services
UI Pages
* Themed
* Internationalization/Localization
Anything you would like changed or mentioned?
Thanks
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
<marc.boorshtein(a)tremolosecurity.com>(
<
https://www.google.com/voice?utm_source=en-ha-na-us-bk&utm_medium=ha&...)
828-4902
On Wed, Feb 24, 2016 at 11:22 AM, Bill Burke <bburke(a)redhat.com> wrote:
Much more:
- IDP brokering (Keycloak can be a child IDP to a parent IDP)
- reset credentials
- registration (with or without recaptcha)
- required actions (verify email, update credentials, update profile)
- User session management
Custom SPIs to create/augment:
- browser login flow
- reset credential flow
- registration
- REST validation
- service accounts
With this SPI you can add custom authentication types, perform workflow
actions, etc...
User self-help:
- Account management for logged in users.
Internationalization/Localization:
- Basically all UIs (admin console, login,
On 2/24/2016 8:20 AM, Marc Boorshtein wrote:
All,
I'm going to be presenting OpenUnison at an OpenShift briefing tomorrow
and have been asked to include a slide on how OpenUnison and Keycloak
relate to each other. Based on getting Keycloak running and looking at the
website and following the list I'm planning on breaking down KC's features
as such:
Authentication
* OIDC
* SAML2
* Social
* TOTP
* IdP "Proxy" for both SAML2 and OIDC
User Data Sources
* LDAP
* AD
* Custom
Role Management
* Local database
* Mapped to external data source
Application Integration
* SAML2
* OIDC/OAuth2
* Reverse Proxy with header injection
UI Pages
* Themed
I want to make sure this is accurate, so I'd appreciate any feedback that
you have.
Thanks
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red
Hathttp://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user