[security-dev] Picketlink 2.8.0

Bruno Oliveira bruno at abstractj.org
Mon Nov 23 10:07:50 EST 2015


Please take a look at
http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/

I think this post answers your question.

On Mon, Nov 23, 2015 at 1:05 PM Stephen Agneta <sagneta at gmail.com> wrote:

> I'll share what I know with you in the hopes that it will help somehow.
>
> Well KC (keycloak) is a super-set of the PL (PicketLink) functionality
> thus in theory it ought to work fine once it is ready and once some sort of
> migration path is known. You may not wish to move to KC due to the
> additional functionality which may be off-putting for lite applications but
> KC will perform everything PL did and more and will do so in VM memory if
> you so choose.
>
> Essentially KC is a real federated authentication and authorization
> service with identity management that can run standalone or in-VM within a
> WildFly cluster. Although a Java implementation it works with other systems
> and languages out of process. It does integrate with Spring which may
> interest you.
>
> The following link provides information for Wildfly 9 clustered
> installation:
>
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install
>
> Thus you should be able to have your authorization demands met _in VM_ as
> opposed to over-the-wire for performance reasons if necessary.
>
> IMOP I think the KC project is the right move. They are fixing the big
> issue which is the lack of an opensource Federated Identity Management
> System. They also fixed little things such as Composite Roles which are
> missing from PL.
>
>  I merely disliked the abrupt change-over. I also can't move to keycloak
> until I have more of an idea how the migration would work.
> For example, how different is the default KC relational schema from the
> default basic PL schema:
>
>
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136
>
> It is also not clear if keycloak has a CDI demand system ready like
> PicketLink. They only hint at it.  Also it runs in-cluster on Wildfly 9
> and I am on 8. Nothing huge but issues that will need to be addressed.
>
> Hope that helps.
>
>
>
>
>
>
>
>
>
>
>
> On Mon, Nov 23, 2015 at 8:54 AM Arthur Gregório <arthurshakal at gmail.com>
> wrote:
>
>> And KC does not have the same purpose as the PL.
>>
>> In short, I have no reason to migrate from one to the other, I use PL or
>> go back to Spring Security.
>>
>> But it seems that there has not been any development in PL, at least in
>> recent months, in short, it seems that the project is dying and all that
>> were used for its own account.
>>
>> And with bugs like this https://developer.jboss.org/thread/266387, it's
>> not cool to let the project stalled...
>>
>>
>> *Arthur P. Gregório*
>> *+55 45 9958-0302*
>> @gregorioarthur
>> www.arthurgregorio.eti.br
>>
>> 2015-11-23 11:47 GMT-02:00 Stephen Agneta <sagneta at gmail.com>:
>>
>>>
>>> It certainly appears that everything has moved to key-cloak but I am
>>> unsure that keycloak is ready to take the burden of current Picketlink
>>> implementations. Nor am I sure how the migration process would occur. The
>>> abruptness of the change is a bit disconcerting. Having said that
>>> Picketlink is working fine save for one defect that which I requested that
>>> is on the git HEAD but not in any particular release.
>>>
>>>
>>>
>>>
>>> On Mon, Nov 23, 2015 at 8:43 AM Arthur Gregório <arthurshakal at gmail.com>
>>> wrote:
>>>
>>>> Picketlink is dead?
>>>>
>>>> The last commit in the project repo was in 9 july..
>>>>
>>>> Is there a schedule for the new version or something like that?
>>>>
>>>> at.,
>>>>
>>>> *Arthur P. Gregório*
>>>> *+55 45 9958-0302 <%2B55%2045%209958-0302>*
>>>> @gregorioarthur
>>>> www.arthurgregorio.eti.br
>>>> _______________________________________________
>>>> security-dev mailing list
>>>> security-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/security-dev
>>>
>>>
>> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/security-dev/attachments/20151123/d7e03bc2/attachment.html 


More information about the security-dev mailing list