Keycloak?

Keycloak?

jewzaam
Administrator
http://keycloak.jboss.org/

I've had investigating Keycloak on my list of things to do for a while and wondered if anybody else had seen anything about it or wanted to take it on. With how lightblue is architected, we're not coupled to the authn/z layers, so maybe it's something that could be useful? If so, maybe we should create some issues to do more with it. I don't think internally we'll need it any time soon, but some initial ideas in an issue could help if someone else wanted to work on it.

Re: Keycloak?

lcestari
I read about it when people announced the project on the core-list, and I watched a presentation some time after that. I think it seems to be a nice project (I'm looking forward to the SAML feature). As you said, maybe we can address an issue to use that (maybe for the quickstart/openshift?).

Re: Keycloak?

jewzaam
Administrator
In reply to this post by jewzaam
http://blog.keycloak.org/2014/11/05/keycloak-1-1-0-beta1-released/

"SAML 2.0 support.  Keycloak already supports OpenID Connect, but with this release we’re also introducing support for SAML 2.0.  We did this by pulling in and building on top of Picketlink’s SAML libraries."

Re: Keycloak?

lcestari
I will wait for the final release (and maybe the docker image as well) =) I'm in no hurry to try the beta.

Re: Keycloak?

Alec
Keycloak is now past 1.0.0.Final. As far as I understand it, I feel like it fits the use cases for Lightblue pretty well, as it would give us a route to:

- CORS
- SAML
- OAuth

All of which have come up in discussions at some point as useful. In fact, CORS is now a necessity for the data management application more or less.

Should Keycloak be reconsidered?

That being said, I have no idea where to start using it besides burying myself in documentation.

Re: Keycloak?

Alec
Unfortunately, it appears it does not yet support client cert auth. I'm also curious as to the performance overhead that Keycloak imposes, since it seems pretty heavy, though full-featured.

Re: Keycloak?

jewzaam
Administrator
Looks like two-way SSL is not supported, which rules it out for now.

http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html_single/index.html

Search for "two-way SSL".  The configuration option for this (client-keystore) is not implemented yet.