[keycloak-user] Accurate description of Keycloak's capabilities?

Marc Boorshtein marc.boorshtein at tremolosecurity.com
Wed Feb 24 12:56:39 EST 2016


So after I actually put the slide together I realized I'd never be able to
put this much information on one slide.  So I tried to distill it down to
really key points:

https://s3.amazonaws.com/ts-public-downloads/random/Slide11.png

Let me know what you think.  Again, I appreciate the feedback.

Thanks

Marc Boorshtein
CTO Tremolo Security
marc.boorshtein at tremolosecurity.com
(703) 828-4902

On Wed, Feb 24, 2016 at 12:22 PM, Marc Boorshtein <
marc.boorshtein at tremolosecurity.com> wrote:

> Thanks Bill.  I'm envisioning a slide with 3 columns (one for OpenUnison,
> one for KC and one where there's overlap) so I'm going to try and keep it
> brief but will certainly talk to anything I don't write down.
>
> Here's what I'm thinking for each column including your comments:
>
> OpenUnison
> Authentication
> * Kerberos
> * Certificate
> * Banner
> * Username Only
> * OTP over SMS
> * OTP over Email
> * Symantec VIP
> * JIT Provisioning
> * Authentication Levels
>
> User Data Sources
> * Integrated Virtual Directory
>
> Role Management
> * Workflow based approvals
> * Multi stage approvals
> * Escalations
>
> Application Integration
> * Reverse Proxy with LastMile (J2EE/Apache/.NET)
> * Reverse Proxy with SAML Login
> * Reverse Proxy with Kerberos Constrained Delegation
>
> UI Pages
> * Generic JSP
>
>
> Common
> Authentication
> * OIDC
> * SAML2
> * Social
> * TOTP
> * IdP "Broker" for both SAML2 and OIDC
> * Login Chain / Flow
> * Custom Interface
>
> User Data Stores
> * LDAP
> * DB
> * AD
> * Custom
> * Password reset
> * Profile Updates
>
> Role Management
> * Map to multiple data sources
> * Web services integration
>
> Application Integration
> * SAML2
> * OIDC/OAuth2
> * Reverse Proxy with header injection
>
>
> Keycloak
> Authentication
> * OIDC
> * Social
> * TOTP
> * User session management
>
> User Data Sources
> * Integrated SPI
>
> Role Management
> * Local database
> * Mapped to external data source
>
> Application Integration
> * OIDC/OAuth2
> * REST Web Services
>
>
> UI Pages
> * Themed
> * Internationalization/Localization
>
> Anything you would like changed or mentioned?
>
> Thanks
>
>
> Marc Boorshtein
> CTO Tremolo Security
> marc.boorshtein at tremolosecurity.com
> (703) 828-4902
>
> On Wed, Feb 24, 2016 at 11:22 AM, Bill Burke <bburke at redhat.com> wrote:
>
>> Much more:
>> - IDP brokering (Keycloak can be a child IDP to a parent IDP)
>> - reset credentials
>> - registration (with or without recaptcha)
>> - required actions (verify email, update credentials, update profile)
>> - User session management
>>
>> Custom SPIs to create/augment:
>> - browser login flow
>> - reset credential flow
>> - registration
>> - REST validation
>> - service accounts
>>
>> With this SPI you can add custom authentication types, perform workflow
>> actions, etc...
>>
>> User self-help:
>> - Account management for logged in users.
>>
>> Internationalization/Localization:
>> - Basically all UIs (admin console, login,
>>
>> On 2/24/2016 8:20 AM, Marc Boorshtein wrote:
>>
>> All,
>>
>> I'm going to be presenting OpenUnison at an OpenShift briefing tomorrow
>> and have been asked to include a slide on how OpenUnison and Keycloak
>> relate to each other.  Based on getting Keycloak running and looking at the
>> website and following the list I'm planning on breaking down KC's features
>> as such:
>>
>> Authentication
>> * OIDC
>> * SAML2
>> * Social
>> * TOTP
>> * IdP "Proxy" for both SAML2 and OIDC
>>
>> User Data Sources
>> * LDAP
>> * AD
>> * Custom
>>
>> Role Management
>> * Local database
>> * Mapped to external data source
>>
>> Application Integration
>> * SAML2
>> * OIDC/OAuth2
>> * Reverse Proxy with header injection
>>
>> UI Pages
>> * Themed
>>
>> I want to make sure this is accurate, so I'd appreciate any feedback that
>> you have.
>>
>> Thanks
>>
>> Marc Boorshtein
>> CTO Tremolo Security
>> marc.boorshtein at tremolosecurity.com
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>>
>>
>
>