[wildfly-dev] Keycloak SSO in WildFly 9
Bill Burke
bburke at redhat.com
Tue Jun 3 16:50:57 EDT 2014
On 6/3/2014 4:37 PM, Anil Saldhana wrote:
> On 06/03/2014 03:27 PM, Bill Burke wrote:
>>
>> On 6/3/2014 2:25 PM, Darran Lofthouse wrote:
>>>> Both the auth server and admin console are served from the same WAR. It
>>>> should be possible to deploy this without using a WAR or servlets, but
>>>> that is not planned for the initial WildFly integration. Because of
>>>> this current limitation, the auth server and admin console will not be
>>>> present in a domain controller.
>>> This is going against the current design of AS7/WildFly exposing
>>> management related operations over the management interface and leaving
>>> the web container to be purely about a user's deployments.
>> Keycloak uses Resteasy. We could write an adapter for whatever HTTP
>> engine the mgmt interface is using. Unfortunately, we also need a
>> storage mechanism, JPA or Mongo. We could write a file-based back-end
>> if needed.
> PicketLink IDM default storage is file based. Any opportunity to map
> Keycloak storage to the IDM API? Last time, Bill told me that he is
> not very happy with the IDM API.
Keycloak storage has in the past been mapped to the PL IDM API. That
code still exists but is not up to date. We *do* use PL IDM API for
mapping user-data only (not role mappings) to LDAP/AD storage.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com