On Tue, Jul 1, 2014 at 2:25 PM, Vaclav Tunka <vtunka@redhat.com> wrote:
My impression is Keycloak does not belong into the categories
above, but maybe I don't know all the details.

You don't have all details, but your reasoning is completely sound.

Idea is to have keycloak auth mechanism as an option to have SSO for admin console.
But that doesn't mean it needs all those dependencies in the core.

We need to distinguish between, auth mechanism that should go to domain-http
and keycloak subsystem which is completely different beast and should go to probably full distro.