[wildfly-dev] Keycloak SSO in WildFly 9

Bill Burke bburke at redhat.com
Tue Jun 3 16:50:57 EDT 2014



On 6/3/2014 4:37 PM, Anil Saldhana wrote:
> On 06/03/2014 03:27 PM, Bill Burke wrote:
>>
>> On 6/3/2014 2:25 PM, Darran Lofthouse wrote:
>>>> Both the auth server and admin console are served from the same WAR.  It
>>>> should be possible to deploy this without using a WAR or servlets, but
>>>> that is not planned for the initial WildFly integration.  Because of
>>>> this current limitation, the auth server and admin console will not be
>>>> present in a domain controller.
>>> This is going against the current design of AS7/WildFly exposing
>>> management related operations over the management interface and leaving
>>> the web container to be purely about a user's deployments.
>> Keycloak uses Resteasy.  We could write an adapter for whatever HTTP
>> engine the mgmt interface is using.  Unfortunately, we also need a
>> storage mechanism: JPA or Mongo.  We could write a file-based back-end
>> if needed.
> PicketLink IDM default storage is file based. Any opportunity to map
> Keycloak storage to the IDM API?  Last time, Bill told me that he is
> not very happy with the IDM API.

Keycloak storage has in the past been mapped to the PL IDM API.  That 
code still exists but is not up to date.  We *do* use PL IDM API for 
mapping user-data only (not role mappings) to LDAP/AD storage.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

