[keycloak-dev] Keycloak Modules developed for the Cloudtrust project

Doswald Alistair alistair.doswald at elca.ch
Wed Aug 22 05:12:38 EDT 2018


Hello Thomas,

As you (and a couple of others) have suggested, I’ve done a PR of the mapper code along with a few tests.

Concerning the Go client, the name is actually misleading. It’s in fact more of an administration bridge: part of an interface that we set in front of Keycloak.

Cheers,

Alistair

From: Thomas Darimont <thomas.darimont at googlemail.com>
Sent: Tuesday, 14 August 2018 21:26
To: Doswald Alistair <alistair.doswald at elca.ch>
Cc: keycloak-dev <keycloak-dev at lists.jboss.org>
Subject: Re: [keycloak-dev] Keycloak Modules developed for the Cloudtrust project

Hello Alistair,

Those are IMHO awesome modules, thanks for sharing :)
Btw, you also have a handy Go Keycloak client :) https://github.com/cloudtrust/keycloak-client

Regarding SAML ScriptMapper (KEYCLOAK-5520) I think it totally makes sense to integrate that into Keycloak directly.
I was onto writing that myself but then priorities changed..., but your implementation looks quite good already :)
I'm pretty sure that if you get the tests running inside the Keycloak test-suite the Keycloak team would be happy to discuss/merge your PR.

Cheers,
Thomas

On Tue, 14 Aug 2018 at 12:04, Doswald Alistair <alistair.doswald at elca.ch> wrote:
Hello,

I just wanted to let this mailing list know that for the Cloudtrust project (https://github.com/cloudtrust), we have developed a certain number of modules for Keycloak. These are currently compatible with version 3.4.3.Final of Keycloak, but we will make them compatible with Keycloak 4.X (where X will be the latest sub-version of Keycloak when we start working on this) as soon as we can. These modules are:

* keycloak-wsfed (https://github.com/cloudtrust/keycloak-wsfed): an implementation of the WS-Federation protocol for Keycloak. This allows selecting the WS-Federation protocol for Keycloak clients and for identity brokers.

* keycloak-authorization (https://github.com/cloudtrust/keycloak-authorization): this module allows the use of the client authorization system to prevent a user who is authenticated in a Keycloak realm from accessing a given client. It works no matter which protocol is used, and without the client having to support any extra protocol. Note: this solution is a bit hacky, but necessary for one of our use-cases.

* keycloak-client-mappers (https://github.com/cloudtrust/keycloak-client-mappers): a module for adding any mappers that we might need that are not yet part of Keycloak. Currently only contains a JavaScript mapper for SAML, analogous to the OIDC script mapper. I've noticed that there's an open issue for this feature (https://issues.jboss.org/browse/KEYCLOAK-5520). If desirable I could submit this code not as a module but a solution to the issue.

* keycloak-export (https://github.com/cloudtrust/keycloak-export): a module adding an endpoint to fully export a realm while Keycloak is still running (no need for restarts!).

Cheers,

Alistair

PS: I mailed this to both dev and user mailing lists as I believe it may interest members of both mailing lists. However, upon sending to the dev mailing list the first time it bounced. This is the second attempt.

_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

