[keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2

Stian Thorgersen stian at redhat.com
Fri Jan 16 09:13:46 EST 2015 


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-user at lists.jboss.org
> Sent: Friday, 16 January, 2015 3:07:50 PM
> Subject: Re: [keycloak-user] Location of User Federation Provider jar in Keycloak 1.1 Beta-2
> 
> 
> 
> On 1/16/2015 8:33 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Stan Silvert" <ssilvert at redhat.com>
> >> To: "Marek Posolda" <mposolda at redhat.com>
> >> Cc: "Stian Thorgersen" <stian at redhat.com>, keycloak-user at lists.jboss.org
> >> Sent: Friday, 16 January, 2015 2:30:40 PM
> >> Subject: Re: [keycloak-user] Location of User Federation Provider jar in
> >> Keycloak 1.1 Beta-2
> >>
> >> On 1/16/2015 7:28 AM, Marek Posolda wrote:
> >>> Figured out that our "war-dist" still contains auth-server.war in
> >>> "standalone/deployments" . Appliance dist doesn't have it. This is not
> >>> expected right? The chapter 3.1 and 3.2 both mentions auth-server.war
> >>> in deployments folder btv (which is not true at least for appliance
> >>> dist now).
> >> The WAR dist doesn't contain the subsystem.  So it has to work the old
> >> way.
> >>
> >> I think we need to come to a final decision about supporting the auth
> >> server on other platforms, which is the only reason for the WAR dist to
> >> still exist.
> >
> > If we want to be the OOTB solution for other JBoss projects it has to be
> > possible to embed Keycloak into their solutions. I think that means we'll
> > have to support Tomcat, Jetty, etc runtimes.
> >
> 
> This will be an issue for any type of client-cert auth we do.  With
> Wildfly going forward we'll be able to plug in more dynamic security
> trust managers, can't do that currently with JBossWeb, Tomcat, Jetty, etc...

We should provide a slimmed profile of Keycloak for embedding. I don't think that'll have to support client cert authentication.

We should also consider adding signed-JWT as an auth mechanism. Looks like that's what Google does (https://developers.google.com/accounts/docs/OAuth2ServiceAccount).

> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list