[keycloak-user] Using Keycloak to build organization SSO server.

Bill Burke bburke at redhat.com
Wed Jun 17 08:41:25 EDT 2015

Keycloak can manage SSO and roles.  We don't have the concept of groups 
or permissions.  Role groups are something we call a "composite role". 
The way roles work is that you can have realm-level roles, or roles that 
are associated with an application/client.   You can federate user 
storage in AD and DBs together.  ADs should probably work out of the box 
with some configuration.  DBs would take custom coding to work with your 
schema, but was have an SPI for it.

I don't know how Shibboleth compares to Keycloak.  We're moving fast 
though.  We currently rely on Picketlink for our SAML client adapter. 
That's it though.  In the near future we will be porting the PL SAML 
client adapter to Keycloak.

On 6/17/2015 3:03 AM, Subhrajyoti Moitra wrote:
> Hello,
> My organization, is trying to implement a SSO service internally, so
> that various business applications can authenticate against it. We also
> want this SSO service to manage roles, groups,permissions, role-group
> memberships etc.
> Currently this authentication is happening using DB tables and Active
> Directory server.
> We want to hook up these with the keycloak server.
> Can this be done using Keycloak? how does keycloak compare to shibboleth?
> Will using picketlink in client applications help in anyway to speed up
> development.
> Thanks for your patience,
> Subhro.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list