[keycloak-dev] Remove IDM entirely or keep Picketlink federation provider?
mposolda at redhat.com
Wed Apr 8 09:18:40 EDT 2015
Not sure if we already decide about $subject. I am in the middle of
forking LDAP from PLIDM and removing PLIDM dependency. Now I wonder if I
1) Remove PLIDM dependency entirely from whole codebase
2) Create the module with Picketlink FederationProvider, which won't be
packaged in distribution by default. This can be separate package used
on demand by EAP customers to migrate their PLIDM users into Keycloak
users. This module will be the only place, which will be still dependent
on PLIDM, but since it won't be in distribution by default, we can
remove PLIDM dependency from appliance and war distributions.
The reason I am asking is, that current LDAPFederationProvider can be
quite easily converted into PicketlinkFederationProvider. But limitation
is, that it will migrate just users. It won't migrate IDM roles into
Or should I simply go with (1) and don't care about the migration for now?
More information about the keycloak-dev