On 7/1/2014 8:32 AM, Tomaž Cerar wrote:

On Tue, Jul 1, 2014 at 2:25 PM, Vaclav Tunka <vtunka@redhat.com> wrote:
My impression is Keycloak does not belong into the categories
above, but maybe I don't know all the details.

You don't have all details, but your reasoning is completely sound.

Idea is to have keycloak auth mechanism as an option to have SSO for admin console.
But that doesn't mean it needs all those dependencies in the core.

We need to distinguish between, auth mechanism that should go to domain-http
and keycloak subsystem which is completely different beast and should go to probably full distro.
We don't necessarily need the keycloak subsystem in order to use keycloak for authenticating domain-http.  But keycloak subsystem is not the thing that pulls in all the dependencies.  It's the keycloak adapter that does this.

So if we want keycloak to authenticate domain-http out of the box then we have to include all this stuff with it.  That wasn't a problem before the split.  Almost everything it needed was already there.


wildfly-dev mailing list