Re: [keycloak-user] KeyCloak and identity management for Java EE

Wednesday, 26 August 2015

You are correct.  Keycloak is not in the IDM API business.  Each 
application rolling their own security for their own identity model is 
just a poor way of doing things.  Instead each application is integrated 
with SSO via SAML/OpenID Connect, the server has a common identity model 
and federation plugins map to this model.  The Server does have a remote 
REST API, but we discourage using this, as most identity management 
should be done by the server.

On 8/23/2015 10:52 AM, Mitya wrote:
...
 Hi,

 We are assessing several auth/IDM/SSO solutions for our project (an
 enterprise Java EE application with REST services and WebSocket
 endpoints). Initially, we leaned towards PicketLink, but recently I've
 been advised several times to prefer KeyCloak instead. I'm still
 hesitant because PicketLink offers a concise, well-architectured,
 JavaEE-integrated IDM API that suits our needs perfectly. Imagine that
 you need to:

 1) identify currently logged-in user and retrieve his common
 attributes (like name, email, photo etc.);
 2) determine the user's roles and groups;
 3) enumerate users of any given role/group, or perform more
 sophisticated user search.

 With PicketLink, all the above is done quite straightforward, using
 Identity/IdentityManager/PartitionManager/RelationshipManager classes.
 Yet, I didn't figure out how to implement the same with KeyCloak.

 Any help appreciated. Thanks!
 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] KeyCloak and identity management for Java EE