[keycloak-user] Exposing keycloak to clients or hide it
Istvan Orban
istvan.orban at gmail.com
Tue Feb 7 04:17:29 EST 2017
Hi,
Thanks for getting back to me on this one!
On the backchannel logout bit: I reckon you guys are planning to conform to
OIDC spec. Do you have a rought idea on timeline? I want to make sure that
I keep an eye out and perhaps implement this as it becomes available.
Thanks for your answer again!
Kind Regards
On 7 February 2017 at 09:07, Stian Thorgersen <sthorger at redhat.com> wrote:
> There are two main things you'd miss:
>
> * Direct support for roles - there are ways to do this though
> * Backchannel logout - our logout mechanism for OIDC is currently
> proprietary as there was no OIDC spec for it when we implemented it, and
> it's still only a draft I believe
>
> On 6 February 2017 at 16:40, Istvan Orban <istvan.orban at gmail.com> wrote:
>
>> Hi Everyone,
>>
>> I have set-up keycloak locally and I like it a lot. I generally like to
>> hide implementation detail from related services so that they can be
>> decoupled.
>> I know keycloak have libs for plenty of different frameworks etc, although
>> I am thinking about setting it up using Apache and mod_auth_openidc
>> The advantage is that our software will have openid connect as a
>> dependency
>> rather than keycloak. I would like to ask you what I am missing out with
>> such a setup?
>> Are there any major features I am loosing by not using keycloak specific
>> clients libs to connect my appllications to keycloak directly?
>>
>> Thanks for any insights !
>>
>> Istvan
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
--
Kind Regards,
*----------------------------------------------------------------------------------------------------------------*
*Istvan Orban* *I *Skype: istvan_o *I *Mobile: +44 (0) 7956 122 144 *I *
More information about the keycloak-user
mailing list