[keycloak-dev] Kerberos progress
Bill Burke
bburke at redhat.com
Mon Feb 16 16:52:12 EST 2015
On 2/16/2015 4:34 PM, Marek Posolda wrote:
> Still thinking whether it's better to use federation SPI or identity
> broker SPI for kerberos integration. I am finally much more inclined to
> Federation SPI ;-)
>
That's why I brought it up before...I wasn't sure what the right SPI to
use would be, or if our SPIs needed to improve and be refactored. Maybe
the answer is use both??? *shrug*
I don't know if this makes sense, but a kerberos broker would import
users from information from the kerberos ticket. A Kerberos Federation
Provider interacts directly with an LDAP server to provide a more
complete integration point??? I don't know...just thinking. I don't
know enough about kerberos or how people want to use it with us to make
a decision.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list