Glad that someone is still using PicketLink 1.4. It reminds me of some old
days when I was working on GateIn Portal, which was using PicketLink
1.4 :) But I agree that it is good to migrate :) Answers inline.
On 07/08/17 11:07, Thomas DELHOMENIE wrote:
Hello,
We currently use PicketLink (in a quite old version: 1.4), especially the
IDM part. As PicketLink is a dead project, we are evaluating alternative
solutions, which naturally led us to Keycloak. I have some questions:
* I understand that Keycloak must be run as a server, but isn't there a way
to embed only the User Federation capability in an application (so not in
server mode)? We basically need to be able to manage users/groups,
aggregate them from multiple sources (LDAP, AD, custom data store, ...) and
expose them in our API. That's what we did with PicketLink IDM, but I am
not sure it is feasible with Keycloak.
Not directly. Keycloak is meant to be used as a server and do it for
you. Once the user successfully authenticates, the details are available in
his accessToken. The application doesn't know which source (LDAP
server) this info came from; it's not the responsibility of the
application. Also, Keycloak has an admin REST API, which allows you to
search for users and return corresponding JSON objects with user
details. We have a nice admin client, which allows you to easily execute
this REST API from a Java application.
* We provide the capability for the administrators of our application to
configure their users and groups storages, by configuration. Is it still
possible with Keycloak or can this only be done via the admin console?
We have an admin REST API, and everything which is doable in the Keycloak
admin console can also be done through the admin REST API. In the latest
3.2.1 version there is a more fine-grained admin permissions model, which
should allow you to specify permissions for admins in a more fine-grained
way if needed.
Marek
Regards,
Thomas
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user