You are correct. Keycloak is not in the IDM API business. Each
application rolling their own security for their own identity model is
just a poor way of doing things. Instead, each application is integrated
with SSO via SAML/OpenID Connect, the server has a common identity model
and federation plugins map to this model. The server does have a remote
REST API, but we discourage using this, as most identity management
should be done by the server.

On 8/23/2015 10:52 AM, Mitya wrote:
Hi,
We are assessing several auth/IDM/SSO solutions for our project (an
enterprise Java EE application with REST services and WebSocket
endpoints). Initially, we leaned towards PicketLink, but recently I've
been advised several times to prefer Keycloak instead. I'm still
hesitant because PicketLink offers a concise, well-architected,
Java EE-integrated IDM API that suits our needs perfectly. Imagine that
you need to:
1) identify the currently logged-in user and retrieve his common
attributes (like name, email, photo, etc.);
2) determine the user's roles and groups;
3) enumerate users of any given role/group, or perform a more
sophisticated user search.
With PicketLink, all of the above is done quite straightforwardly, using
the Identity/IdentityManager/PartitionManager/RelationshipManager classes.
Yet, I didn't figure out how to implement the same with Keycloak.
Any help appreciated. Thanks!
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com