[keycloak-user] Accurate description of Keycloak's capabilities?

Marc Boorshtein marc.boorshtein at tremolosecurity.com
Wed Feb 24 12:22:50 EST 2016


Thanks Bill.  I'm envisioning a slide with 3 columns (one for OpenUnison,
one for KC and one where there's overlap) so I'm going to try and keep it
brief but will certainly talk to anything I don't write down.

Here's what I'm thinking for each column including your comments:

OpenUnison
Authentication
* Kerberos
* Certificate
* Banner
* Username Only
* OTP over SMS
* OTP over Email
* Symantec VIP
* JIT Provisioning
* Authentication Levels

User Data Sources
* Integrated Virtual Directory

Role Management
* Workflow based approvals
* Multi stage approvals
* Escalations

Application Integration
* Reverse Proxy with LastMile (J2EE/Apache/.NET)
* Reverse Proxy with SAML Login
* Reverse Proxy with Kerberos Constrained Delegation

UI Pages
* Generic JSP


Common
Authentication
* OIDC
* SAML2
* Social
* TOTP
* IdP "Broker" for both SAML2 and OIDC
* Login Chain / Flow
* Custom Interface

User Data Stores
* LDAP
* DB
* AD
* Custom
* Password reset
* Profile Updates

Role Management
* Map to multiple data sources
* Web services integration

Application Integration
* SAML2
* OIDC/OAuth2
* Reverse Proxy with header injection


KeyCloak
Authentication
* OIDC
* Social
* TOTP
* User session management

User Data Sources
* Integrated SPI

Role Management
* Local database
* Mapped to external data source

Application Integration
* OIDC/OAuth2
* REST Web Services


UI Pages
* Themed
* Internationalization/Localization

Anything you would like changed or mentioned?

Thanks


Marc Boorshtein
CTO Tremolo Security
marc.boorshtein at tremolosecurity.com
<marc.boorshtein at tremolosecurity.com>(
<https://www.google.com/voice?utm_source=en-ha-na-us-bk&utm_medium=ha&utm_term=google+voice&utm_campaign=en&pli=1#phones>703)
828-4902

On Wed, Feb 24, 2016 at 11:22 AM, Bill Burke <bburke at redhat.com> wrote:

> Much more:
> - IDP brokering (Keycloak can be a child IDP to a parent IDP)
> - reset credentials
> - registration (with or without recaptcha)
> - required actions (verify email, update credentials, update profile)
> - User session management
>
> Custom SPIs to create/augment:
> - browser login flow
> - reset credential flow
> - registration
> - REST validation
> - service accounts
>
> With this SPI you can add custom authentication types, perform workflow
> actions, etc...
>
> User self-help:
> - Account management for logged in users.
>
> Internationalization/Localization:
> - Basically all UIs (admin console, login,
>
> On 2/24/2016 8:20 AM, Marc Boorshtein wrote:
>
> All,
>
> I'm going to be presenting OpenUnison at an OpenShift briefing tomorrow
> and have been asked to include a slide on how OpenUnison and Keycloak
> relate to each other.  Based on getting Keycloak running and looking at the
> website and following the list I'm planning on breaking down KC's features
> as such:
>
> Authentication
> * OIDC
> * SAML2
> * Social
> * TOTP
> * IdP "Proxy" for both SAML2 and OIDC
>
> User Data Sources
> * LDAP
> * AD
> * Custom
>
> Role Management
> * Local database
> * Mapped to external data source
>
> Application Integration
> * SAML2
> * OIDC/OAuth2
> * Reverse Proxy with header injection
>
> UI Pages
> * Themed
>
> I want to make sure this is accurate, so I'd appreciate any feedback that
> you have.
>
> Thanks
>
> Marc Boorshtein
> CTO Tremolo Security
> marc.boorshtein at tremolosecurity.com
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
> Bill Burke
> JBoss, a division of Red Hathttp://bill.burkecentral.com
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160224/3b0287cf/attachment-0001.html 


More information about the keycloak-user mailing list