[keycloak-dev] Can KeyCloak be used without any passwords?

Bill Burke bburke at redhat.com
Fri Dec 6 17:54:21 EST 2013


On 12/6/2013 4:35 PM, Matt Casperson wrote:
> If KeyCloak could give us the ability to defer account and password
> management entirely to social logins or an existing LDAP/AD database
> with something as simple as a toggle in the admin console, it would be a
> huge win.
>

Keycloak aims to be an SSO solution, not an SSO adapter.

For non-social deployments, account management is a huge part of what 
Keycloak does.  Maybe I'm naive in thinking admins will want to use 
Keycloak to manage accounts though.

Even for social deployments, there's a lot of account management 
involved, i.e. managing OAuth grants, registering devices, all things we 
want to be able to do.


What is stored in LDAP/AD databases usually?  user/password/credentials 
only?  What about permissions/role mappings?  Is doing a background sync 
to an LDAP/AD database not something people are going to want to do? 
Syncing means credentials are copied.

Bill

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

