[keycloak-user] Migration from Picketlink IDM
Marek Posolda
mposolda at redhat.com
Mon Aug 7 06:53:00 EDT 2017
Glad that someone is still using picketlink 1.4. It reminds me of the old
days when I was working on GateIn Portal, which was using Picketlink
1.4 :) But I agree that it is good to migrate :) Answers inline.
On 07/08/17 11:07, Thomas DELHOMENIE wrote:
> Hello,
>
> We currently use PicketLink (in a quite old version : 1.4), especially the
> IDM part. As Picketlink is a dead project, we are evaluating alternative
> solutions, which naturally led us to Keycloak. I have some questions :
> * I understand that Keycloak must be run as a server, but isn't there a way
> to embed only the User Federation capability in an application (so not in
> server mode) ? We basically need to be able to manage users/groups,
> aggregate them from multiple sources (LDAP, AD, custom data store, ...) and
> expose them in our API. That's what we did with Picketlink IDM, but I am
> not sure it is feasible with Keycloak.
Not directly. Keycloak is meant to be used as a server and do it for
you. Once the user successfully authenticates, the details are available in
his accessToken. The application doesn't know which source (LDAP
server) this info came from; it's not the responsibility of the
application. Also, Keycloak has an admin REST API, which allows you to
search for users and return corresponding JSON objects with user
details. We have a nice admin client, which allows you to easily execute
this REST API from a Java application.
> * we provide the capability for the administrators of our application to
> configure their users and groups storages, by configuration. Is it still
> possible with Keycloak or can this only be done via the admin console ?
We have an admin REST API, and everything that is doable in the Keycloak admin
console can also be done through the admin REST API. In the latest 3.2.1
version there is a more fine-grained admin permissions model, which should
allow you to specify permissions for admins in a more fine-grained way if
needed.
Marek
>
> Regards,
> Thomas
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
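
The admin-client usage described in the reply above, as an added example that is not part of the original message or the Keycloak project's own code: it lists a realm's user federation providers and runs a paged user search through the admin REST API. It assumes the `keycloak-admin-client` dependency is on the classpath and that the account holds only the realm-management view roles it needs; the class name and the `KC_*` environment variable names are hypothetical.

```java
import java.util.List;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class FederatedUserLookup {
    // Provider type under which user federation (user storage) components are registered.
    private static final String USER_STORAGE_TYPE = "org.keycloak.storage.UserStorageProvider";

    public static void main(String[] args) {
        // Hypothetical variable names; keep the admin credentials out of source and config files.
        String serverUrl = System.getenv("KC_URL");
        String realmName = System.getenv("KC_REALM");
        String adminUser = System.getenv("KC_ADMIN_USER");
        String adminPass = System.getenv("KC_ADMIN_PASSWORD");
        if (serverUrl == null || realmName == null || adminUser == null || adminPass == null) {
            throw new IllegalStateException("KC_URL, KC_REALM, KC_ADMIN_USER, KC_ADMIN_PASSWORD must be set");
        }
        if (!serverUrl.startsWith("https://")) {
            throw new IllegalStateException("refusing to send admin credentials over a non-TLS URL");
        }

        // Log in to the target realm through its built-in admin-cli client.
        Keycloak keycloak = Keycloak.getInstance(serverUrl, realmName, adminUser, adminPass, "admin-cli");
        try {
            RealmResource realm = keycloak.realm(realmName);

            // Federation providers are components whose parent is the realm id.
            String realmId = realm.toRepresentation().getId();
            for (ComponentRepresentation c : realm.components().query(realmId, USER_STORAGE_TYPE)) {
                System.out.printf("provider id=%s name=%s kind=%s%n",
                        c.getId(), c.getName(), c.getProviderId());
            }

            // Paged search; federationLink is set only for users that came from a
            // federation provider and is null for users in Keycloak's own store.
            String term = args.length > 0 ? args[0] : "";
            List<UserRepresentation> users = realm.users().search(term, 0, 20);
            for (UserRepresentation u : users) {
                System.out.printf("%s <%s> federationLink=%s%n",
                        u.getUsername(), u.getEmail(), u.getFederationLink());
            }
        } finally {
            keycloak.close(); // releases the underlying HTTP client
        }
    }
}
```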