[keycloak-dev] Additional things to consider for 1.0.final

Stian Thorgersen stian at redhat.com
Thu Jul 17 08:55:55 EDT 2014


As we didn't have enough things to do last minute, I've come up with more things which I think we should do for 1.0.final:

1. Configure JPA through keycloak-server.json instead of persistence.xml

This would be super simple to do, and would let us have a single persistence.xml for everything (testsuite, server, project-integrations). Everything worthy of configuring in persistence.xml (including datasource) can be passed in the Map overrides when creating the EntityManagerFactory.


2. Introduce server-dependencies-min and server-dependencies-all poms

We have a few places that include all the dependencies required (server, testsuite/integration and testsuite/) as well as other projects such as AeroGear and LiveOak. Instead of everyone having to list all the dependencies they could have a single dependency on either server-dependencies-min or server-dependencies-all. Min would exclude most if not all provider implementations (such as PicketLink/LDAP, social providers, etc).


3. TOTP SPI

At the moment we only support Google Authenticator; I don't think that's sufficient. We should at the very least add support for one more, and have an SPI so users can add their own. I think this would be related to the UserProvider sync work, as some UserProvider implementations may require both a password and TOTP to verify a user's credentials, while others would only be able to verify the password and then have Keycloak verify the TOTP.

Also, do we need to support users with more than one TOTP? Personally I have two for work (one I use daily and another for backup).
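
To illustrate point 3, here is an added sketch (not part of the original message and not Keycloak code) of a pluggable TOTP validator with several secrets per user. The names `TotpProvider`, `Rfc6238Provider` and `validateAny` are hypothetical, the parameters are the RFC 6238 ones (HMAC-SHA1, 30-second step, 6 digits), and the secrets are sample values, the first being the published RFC 6238 test secret.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.List;

public class TotpSpiSketch {
    /** Hypothetical SPI (not Keycloak's): one implementation per OTP scheme. */
    interface TotpProvider {
        boolean validate(byte[] secret, String code, long unixSeconds);
    }

    /** RFC 6238 TOTP: HMAC-SHA1, 30 s time step, 6 digits. */
    static class Rfc6238Provider implements TotpProvider {
        String generate(byte[] secret, long counter) throws GeneralSecurityException {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(secret, "HmacSHA1"));
            byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
            int off = h[h.length - 1] & 0x0f; // dynamic truncation, RFC 4226
            int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                    | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
            return String.format("%06d", bin % 1_000_000);
        }
        public boolean validate(byte[] secret, String code, long unixSeconds) {
            byte[] given = code.getBytes(StandardCharsets.US_ASCII);
            boolean ok = false;
            try {
                for (long c = unixSeconds / 30 - 1; c <= unixSeconds / 30 + 1; c++) // +/- 1 step of clock skew
                    ok |= MessageDigest.isEqual(generate(secret, c).getBytes(StandardCharsets.US_ASCII), given);
            } catch (GeneralSecurityException e) { return false; } // fail closed
            return ok;
        }
    }

    /** A user may hold several TOTP secrets (daily device plus backup); any one may match. */
    static boolean validateAny(TotpProvider p, List<byte[]> secrets, String code, long t) {
        return secrets.stream().anyMatch(s -> p.validate(s, code, t));
    }

    public static void main(String[] args) {
        byte[] daily = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // RFC 6238 test secret
        byte[] backup = "constructed-backup-key".getBytes(StandardCharsets.US_ASCII); // constructed sample
        TotpProvider p = new Rfc6238Provider();
        System.out.println(validateAny(p, List.of(backup, daily), "287082", 59L));
        System.out.println(validateAny(p, List.of(backup), "287082", 59L));
    }
}
```

A UserProvider that can only check passwords would delegate the second factor to a validator like this, while one that verifies both factors itself would bypass it.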

