On 7/1/2014 8:48 AM, Stan Silvert wrote:
On 7/1/2014 8:32 AM, Tomaž Cerar wrote:
>
> On Tue, Jul 1, 2014 at 2:25 PM, Vaclav Tunka <vtunka(a)redhat.com
> <mailto:vtunka@redhat.com>> wrote:
>
> My impression is Keycloak does not belong into the categories
> above, but maybe I don't know all the details.
>
>
>
> You don't have all details, but your reasoning is completely sound.
>
> Idea is to have keycloak auth mechanism as an option to have SSO for
> admin console.
> But that doesn't mean it needs all those dependencies in the core.
>
> We need to distinguish between, auth mechanism that should go to
> domain-http
> and keycloak subsystem which is completely different beast and should
> go to probably full distro.
We don't necessarily need the keycloak subsystem in order to use
keycloak for authenticating domain-http. But keycloak subsystem is not
the thing that pulls in all the dependencies. It's the keycloak adapter
that does this.
So if we want keycloak to authenticate domain-http out of the box then
we have to include all this stuff with it. That wasn't a problem before
the split. Almost everything it needed was already there.
"All this stuff" is really just Apache Http Client, Jackson and
Bouncycastle.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com