[keycloak-dev] relationship between application and realm

Bill Burke bburke at redhat.com
Fri Sep 13 10:10:58 EDT 2013



On 9/13/2013 9:59 AM, Stian Thorgersen wrote:
> For social Keycloak should provide integrated and branded experiences. This is done by letting developers use their own key and secrets for social networks. It still saves users a lot of work to incorporate login with social networks. Incorporating social networks is a non-trivial thing if done correctly (I can elaborate on this if you want).
>
> SSO is one compelling features yes, but there's loads more very nice features that we can provide:
>
> * Audit
> * User management
> * User workflows - password reset, verify email, etc, etc..
> * Social aspects
> * Multi-factor authentication
> * Link with corporate identity providers (for example LDAP)
> * Ability to use the same solution for server-side, client-side and mobile applications
>

There's already solutions internal and external to Red Hat that provide 
many of these features.  I think we can do it *BETTER*, but familiarity 
breeds complacency and users just might stick to what they know than 
move to Keycloak even if it is better.

I honestly think TOTP, OAuth Grants, and SSO will be our most important 
features to grab initial users.

I don't have much data on why I think this, its just from users pinging 
me on Resteasy lists, sales pinging me on email, and sitting in security 
presentations at JBW, RHS.  Even Thomas Heute telling me people buy 
JBoss Portal for its Identity Management.

> Of course, how useful each feature is depends on the target audience! IMO Keycloak will provide loads of value to:
>
> * A single logical app - but where there's different versions (desktop, mobile, etc.)
> * A enterprise with loads of REST services, desktop applications, web applications, mobile applications, etc....
>

These two fall into the SSO category. :)

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list