[keycloak-user] Keycloak 1.1.0.Final Released

Fri Jan 30 10:52:36 EST 2015

Unfortunately yes. Kerberos is deeply ingrained in most of internal applications/processes. While we can ask any new applications to use certificates, we have to support Kerberos. 

If that is not something that you will support, probably identity brokering would help. I can write a Kerberos broker as long as it is given control ( need http request) immediately by Keycloak, perhaps I can handle both authentication with key tabs (for system accts) as well as SPNEGO for users

Sent from my iPhone

> On Jan 30, 2015, at 9:01 AM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> 
> 
> ----- Original Message -----
>> From: "Raghu Prabhala" <prabhalar at yahoo.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>, "keycloak-user" <keycloak-user at lists.jboss.org>
>> Sent: Friday, 30 January, 2015 2:44:14 PM
>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>> 
>> Great. Looking forward to the 1.2 Beta version.
>> Regarding the system account support, from my perspective, it is very
>> important because we have thousands of applications that interact with each
>> other using system accounts (authentication with Kerberos with keytabs) and
>> till we have that functionality, we will not be able to consider Keycloak as
>> a SSO solution even though it is coming out to be a good product. The sooner
>> we have it, the better. Hopefully, even other users will pitch in to request
>> that functionality so that you can bump it up in your priority list.
>> Thanks once again.Raghu
> 
> For your use-case would it have to be Kerberos? Only options we've been considering are certificates and jwt/jws.
> 
>>        From: Stian Thorgersen <stian at redhat.com>
>> To: Raghu Prabhala <prabhalar at yahoo.com>
>> Cc: keycloak dev <keycloak-dev at lists.jboss.org>; keycloak-user
>> <keycloak-user at lists.jboss.org>
>> Sent: Friday, January 30, 2015 2:10 AM
>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>> 
>> 
>> 
>> ----- Original Message -----
>>> From: "Raghu Prabhala" <prabhalar at yahoo.com>
>>> To: "Stian Thorgersen" <stian at redhat.com>
>>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>, "keycloak-user"
>>> <keycloak-user at lists.jboss.org>
>>> Sent: Thursday, January 29, 2015 6:44:11 PM
>>> Subject: Re: [keycloak-user] Keycloak 1.1.0.Final Released
>>> 
>>> Congrats Keycloak team. A great deal of features in this release - really
>>> like SAML and clustering.
>>> 
>>> But what I am really looking for is the next release as we need all the
>>> features you listed -any tentative dates for the beta version?
>> 
>> We might do a beta soon, but that'll only include identity brokering. The
>> other features will be at least a month away.
>> 
>>> 
>>> The functionality provided so far seems to be targeted toward users
>>> accounts.
>>> When can we expect support for System accounts (with diff auth mechanisms
>>> like certificates, Kerberos etc?
>> 
>> Some time this year we aim to have system accounts with certificates, it'll
>> depend on priorities. We don't have any plans to support Kerberos
>> authentication with system accounts, but maybe that makes sense to add as
>> well.
>> 
>> 
>> 
>>> 
>>> Thanks,
>>> Raghu
>>> 
>>> Sent from my iPhone
>>> 
>>>> On Jan 29, 2015, at 2:11 AM, Stian Thorgersen <stian at redhat.com> wrote:
>>>> 
>>>> The Keycloak team is proud to announce the release of Keycloak
>>>> 1.1.0.Final.
>>>> Highlights in this release includes:
>>>> 
>>>> * SAML 2.0
>>>> * Clustering
>>>> * Jetty, Tomcat and Fuse adapters
>>>> * HTTP Security Proxy
>>>> * Automatic migration of db schema
>>>> 
>>>> We’re already started working on features for the next release. Some
>>>> exiting features coming soon includes:
>>>> 
>>>> * Identity brokering
>>>> * Custom user profiles
>>>> * Kerberos
>>>> * OpenID Connect interop
>>>> 
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
>> 