[keycloak-dev] Remove IDM entirely or keep Picketlink federation provider?

Marek Posolda mposolda at redhat.com
Wed Apr 8 09:18:40 EDT 2015

Not sure if we already decide about $subject. I am in the middle of 
forking LDAP from PLIDM and removing PLIDM dependency. Now I wonder if I 

1) Remove PLIDM dependency entirely from whole codebase

2) Create the module with Picketlink FederationProvider, which won't be 
packaged in distribution by default. This can be separate package used 
on demand by EAP customers to migrate their PLIDM users into Keycloak 
users. This module will be the only place, which will be still dependent 
on PLIDM, but since it won't be in distribution by default, we can 
remove PLIDM dependency from appliance and war distributions.

The reason I am asking is, that current LDAPFederationProvider can be 
quite easily converted into PicketlinkFederationProvider. But limitation 
is, that it will migrate just users. It won't migrate IDM roles into 
Keycloak roles..

Or should I simply go with (1) and don't care about the migration for now?


More information about the keycloak-dev mailing list