On 01/07/14 13:32, Tomaž Cerar wrote:
On Tue, Jul 1, 2014 at 2:25 PM, Vaclav Tunka <vtunka(a)redhat.com
My impression is Keycloak does not belong into the categories
above, but maybe I don't know all the details.
You don't have all details, but your reasoning is completely sound.
Idea is to have keycloak auth mechanism as an option to have SSO for
But that doesn't mean it needs all those dependencies in the core.
We need to distinguish between, auth mechanism that should go to domain-http
and keycloak subsystem which is completely different beast and should go
to probably full distro.
Just to clarify one point, the current security infrastructure within
the server be that management or ee is being replaced with Elytron and
anything that is integrated such as PicketLink and KeyCloak will be
integrated on top of that so what we are learning at the moment is more
proof of concept rather than final solution when it comes to the
The approach that we are moving to for Elytron is that it will entirely
be contained within a subsystem. So for our distributions we are most
likely going to want security out of the box so would include the
Elytron subsystem - however as advisable as it is I don't see it's
inclusion by default as a base requirement on a core of the sever.
wildfly-dev mailing list