[keycloak-dev] Help with keycloak evaluation
Bill Burke
bburke at redhat.com
Fri Oct 30 18:02:25 EDT 2015
On 10/30/2015 5:47 PM, Jorge M. wrote:
>
> Hi,
>
> I'm evaluating the keycloak to use in a multi-module system in
> production and I need some help in the following topics:
>
> - Is it possible to define groups of roles? For example, in
> a scenario using groups as profiles and the roles as resources.
>
Not sure what you mean by "profiles" and "resources" could have
multiple meanings.
Currently, we don't have "groups" but have the concept of a "Composite
Role". A composite role can have multiple roles associated with it.
I am currently working on the concept of a group and this will be
released in 1.7 sometime in December. Groups can have roles associated
with them and attributes. Group members will inherit these roles and
attributes. Groups can be constructed in a hierarchy.
> - Single login validation (only allow a single login session per user to
> avoid account sharing)
>
This is a feature that we don't have out of the box, but is something I
believe you would be able to code with our SPIs. Probably something we
should provide out of the box.
> - Is there any sample federation provider for RDBMS?
>
There is a very simple non-RDBMS example for federation. You' have to
extrapolate how to marry that to a RDMS.
>
>
> - Are you planning to develop an adapter to PHP web applications? Any
> community adapter available?
>
We have 2 options for PHP (and other non-Java languages) at the moment:
#1 - Use SAML as the protocol. Front PHP with Apache. Use
mod-auth-mellon.
#2 - Use Keycloak Security Proxy. Its a small Java based web server
based on Undertow that forwards http requests and secures remote web
servers.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list