[keycloak-dev] Remove IDM entirely or keep Picketlink federation provider?
mposolda at redhat.com
Wed Apr 8 09:59:32 EDT 2015
On 8.4.2015 15:33, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 8 April, 2015 3:18:40 PM
>> Subject: [keycloak-dev] Remove IDM entirely or keep Picketlink federation provider?
>> Not sure if we already decide about $subject. I am in the middle of
>> forking LDAP from PLIDM and removing PLIDM dependency. Now I wonder if I
>> 1) Remove PLIDM dependency entirely from whole codebase
>> 2) Create the module with Picketlink FederationProvider, which won't be
>> packaged in distribution by default. This can be separate package used
>> on demand by EAP customers to migrate their PLIDM users into Keycloak
>> users. This module will be the only place, which will be still dependent
>> on PLIDM, but since it won't be in distribution by default, we can
>> remove PLIDM dependency from appliance and war distributions.
>> The reason I am asking is, that current LDAPFederationProvider can be
>> quite easily converted into PicketlinkFederationProvider. But limitation
>> is, that it will migrate just users. It won't migrate IDM roles into
>> Keycloak roles..
>> Or should I simply go with (1) and don't care about the migration for now?
> As 2 can't do roles as well it's not really that useful. Also, since IDM is so flexible I can't see us providing one that works for everyone (if anyone?! at all). So maybe what we should do is to provide an example that users can fork/modify?
Yeah, so maybe adding new example into examples/providers for that?
I can try to do something by tomorrow, but not sure if I catch it. And
next week I would like to start on persistent client grants. I guess
it's not an issue to possibly postpone this to some later release?
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
More information about the keycloak-dev