[security-dev] Picketlink 2.8.0
Marek Posolda
mposolda at redhat.com
Tue Nov 24 02:46:57 EST 2015
Keycloak now supports a SAML SP implementation, which doesn't require a KC
server. It can talk to any other SAML IdP. The docs are here:
http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html
For the future, we will mainly focus on improving/maintaining the Keycloak
SAML SP rather than Picketlink.
Also there is no need to fork the Picketlink project to your own, you
can still propose and send PR to Picketlink. This will allow that more
people from the community can suffer from your work.
Marek
On 23/11/15 23:40, larry mccay wrote:
> This is a disappointing situation.
> PL should have been continued and then consumed by KC.
> I will not be pulling in KC in its entirety in order to do SAML SP
> implementations - we will need to move to something else.
>
> I suggest that a PL module be published from KC that has minimal
> dependencies.
> You can migrate the PL functionality to KC this way but not force all
> of the new dependencies on consumers.
>
> On Mon, Nov 23, 2015 at 11:19 AM, Arthur Gregório
> <arthurshakal at gmail.com> wrote:
>
> I see this post, and I know what KC does.
>
> What I mean is that I do not need all the things that KC does, I
> want simple with the something like PL.
>
> I posted in a thread about it on the same topic "continuity of PL"
> on the dev list of KC and the same answer was given.
>
> PL is such a cool framework, I refuse to believe that only I use
> it or only I noticed this deep sleep that the project came...
>
> Finally, the fact is that PL is like Spring Security, a swatter
> convenient and fast flies. KC is already like a cannon, large and
> meaningless to the context of solving a simple problem like
> killing a single mosquito.
>
> But if so, the business is to make a project fork and working on
> my own version.
>
> Regards,
>
> *Arthur P. Gregório*
> /+55 45 9958-0302/
> @gregorioarthur
> www.arthurgregorio.eti.br
>
> 2015-11-23 13:07 GMT-02:00 Bruno Oliveira <bruno at abstractj.org>:
>
> Please take a look at
> http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/
>
>
> I think this post answers your question.
>
> On Mon, Nov 23, 2015 at 1:05 PM Stephen Agneta
> <sagneta at gmail.com> wrote:
>
> I'll share what I know with you in the hopes that it will
> help somehow.
>
> Well KC (keycloak) is a super-set of the PL (PicketLink)
> functionality thus in theory it ought to work fine once it
> is ready and once some sort of migration path is known.
> You may not wish to move to KC due to the additional
> functionality which may be off-putting for lite
> applications but KC will perform everything PL did and
> more and will do so in VM memory if you so choose.
>
> Essentially KC is a real federated authentication and
> authorization service with identity management that can
> run standalone or in-VM within a WildFly cluster. Although
> a Java implementation it works with other systems and
> languages out of process. It does integrate with Spring
> which may interest you.
>
> The following link provides information for Wildfly 9
> clustered installation:
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#overlay_install
>
> Thus you should be able to have your authorization demands
> met _in VM_ as opposed to over-the-wire for performance
> reasons if necessary.
>
> IMOP I think the KC project is the right move. They are
> fixing the big issue which is the lack of an opensource
> Federated Identity Management System. They also fixed
> little things such as Composite Roles which are missing
> from PL.
>
> I merely disliked the abrupt change-over. I also can't
> move to keycloak until I have more of an idea how the
> migration would work.
> For example, how different is the default KC relational
> schema from the default basic PL schema:
>
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e136
>
> It is also not clear if keycloak has a CDI demand system
> ready like PicketLink. They only hint at it. Also it runs
> in-cluster on Wildfly 9 and I am on 8. Nothing huge but
> issues that will need to be addressed.
>
> Hope that helps.
>
> On Mon, Nov 23, 2015 at 8:54 AM Arthur Gregório
> <arthurshakal at gmail.com> wrote:
>
> And KC does not have the same purpose as the PL.
>
> In short, I have no reason to migrate from one to the
> other, I use PL or go back to Spring Security.
>
> But it seems that there has not been any development
> in PL, at least in recent months, in short, it seems
> that the project is dying and all that were used for
> its own account.
>
> And with bugs like this
> https://developer.jboss.org/thread/266387, it's not
> cool to let the project stalled...
>
>
> *Arthur P. Gregório*
> /+55 45 9958-0302/
> @gregorioarthur
> www.arthurgregorio.eti.br
>
> 2015-11-23 11:47 GMT-02:00 Stephen Agneta
> <sagneta at gmail.com>:
>
>
> It certainly appears that everything has moved to
> key-cloak but I am unsure that keycloak is ready
> to take the burden of current Picketlink
> implementations. Nor am I sure how the migration
> process would occur. The abruptness of the change
> is a bit disconcerting. Having said that
> Picketlink is working fine save for one defect
> that which I requested that is on the git HEAD but
> not in any particular release.
>
>
>
>
> On Mon, Nov 23, 2015 at 8:43 AM Arthur Gregório
> <arthurshakal at gmail.com> wrote:
>
> Picketlink is dead?
>
> The last commit in the project repo was on 9
> July.
>
> Is there a schedule for the new version or
> something like that?
>
> Regards,
>
> *Arthur P. Gregório*
> /+55 45 9958-0302/
> @gregorioarthur
> www.arthurgregorio.eti.br
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev