[keycloak-dev] Remove IDM entirely or keep Picketlink federation provider?

Stian Thorgersen stian at redhat.com
Wed Apr 8 09:33:04 EDT 2015



----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 8 April, 2015 3:18:40 PM
> Subject: [keycloak-dev] Remove IDM entirely or keep Picketlink federation	provider?
> 
> Not sure if we already decide about $subject. I am in the middle of
> forking LDAP from PLIDM and removing PLIDM dependency. Now I wonder if I
> should:
> 
> 1) Remove PLIDM dependency entirely from whole codebase
> 
> 2) Create the module with Picketlink FederationProvider, which won't be
> packaged in distribution by default. This can be separate package used
> on demand by EAP customers to migrate their PLIDM users into Keycloak
> users. This module will be the only place, which will be still dependent
> on PLIDM, but since it won't be in distribution by default, we can
> remove PLIDM dependency from appliance and war distributions.
> 
> The reason I am asking is, that current LDAPFederationProvider can be
> quite easily converted into PicketlinkFederationProvider. But limitation
> is, that it will migrate just users. It won't migrate IDM roles into
> Keycloak roles..
> 
> Or should I simply go with (1) and don't care about the migration for now?

As 2 can't do roles as well it's not really that useful. Also, since IDM is so flexible I can't see us providing one that works for everyone (if anyone?! at all). So maybe what we should do is to provide an example that users can fork/modify?

> 
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list