Considering deprecating Keycloak Spring Boot and Security adapters
760 views
Skip to first unread message
Stian Thorgersen
Mar 5, 2020, 8:54:31 AM3/5/20
to Keycloak Dev, Keycloak User
With Spring Security 5 there is good support for OpenID Connect and OAuth 2 directly in Spring.
Due to this we are considering deprecating the Keycloak specific Spring Boot and Security adapters.
Manfred Duchrow
Mar 6, 2020, 1:08:17 AM3/6/20
to Keycloak Dev
To be honest, I have not yet looked at the capabilities of Spring Security 5, but I doubt that these generic OIDC/OAuth2 adapters
cover important features like transferring roles from access token into Authentication / GrantedAuthority objects or support for
not yet standardized logout (k_logout). Another missing feature would perhaps be parameter forwarding (e.g. kc_idp_hint).
cover important features like transferring roles from access token into Authentication / GrantedAuthority objects or support for
not yet standardized logout (k_logout). Another missing feature would perhaps be parameter forwarding (e.g. kc_idp_hint).
IMO before dropping Keycloak Spring Boot and Security adapters, somebody should at least verify if it's possible ti extend
these generic Spring Security OIDC/OAuth2 adapters to support the (Keycloak specific) capabilities mentioned above.
these generic Spring Security OIDC/OAuth2 adapters to support the (Keycloak specific) capabilities mentioned above.
Pedro Igor Craveiro e Silva
Mar 6, 2020, 8:39:30 AM3/6/20
to st...@redhat.com, Keycloak Dev, Keycloak User
I think it is worthy to mention that this same strategy we are using to Quarkus, which should become our generic adapter for Quarkus-based apps. See
On Thu, Mar 5, 2020 at 10:54 AM Stian Thorgersen <stho...@redhat.com> wrote:
With Spring Security 5 there is good support for OpenID Connect and OAuth 2 directly in Spring.Due to this we are considering deprecating the Keycloak specific Spring Boot and Security adapters.
--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CAJgngAdytFw8wAeid-PeQe9iieVEnzRRBwg1%2B3zNkOYFM1DfOA%40mail.gmail.com.
Blazej Adamczyk
Dec 11, 2021, 7:54:39 AM12/11/21
to Keycloak Dev
Replying really late to this thread but I've just read the deprecation info in latest release notes..
Pedro, Stian can you please shed some light on the plans of spring adapter deprecation? As you stated oidc and oauth2 is indeed covered by spring but what with authorization, policy enforcement and uma-2 support?
I'm worried becuase we are using these adapters in our spring apps and frequently with policy enforcement.
Thanks in advance for any response!
Robert Schuh
Dec 11, 2021, 4:02:00 PM12/11/21
to Keycloak Dev
We are using the uma 2 features of it heavily and having the whole adapter deprecated would mean having to rebuild it…?
Maybe its possible to still maintain these features (authz, policies, uma2) in a trimmed down version that works on top of spring oidc support?
Maybe its possible to still maintain these features (authz, policies, uma2) in a trimmed down version that works on top of spring oidc support?
Message has been deleted
Błażej Adamczyk
Dec 20, 2021, 7:00:11 AM12/20/21
to Robert Schuh, pigor.c...@gmail.com, stho...@redhat.com, Keycloak Dev
Dear Authors, Stian, Pedro,
Can you please shed some more light on your plans regarding springboot
in the context of authz/uma2 support?
Thanks!
--
Kind regards,
Błażej Adamczyk, Ph.D.
Silesian University of Technology
Institute of Computer Science
Akademicka 16
44-100 Gliwice, Poland
Phone: +48 601 180 169
PGP: 0xCBAF608AE20B06F2C172A853B70E6F797423F7B7 (pgp.mit.edu)
-------- Wiadomość oryginalna ----------
Od: 'Robert Schuh' via Keycloak Dev <keyclo...@googlegroups.com>
Odpowiedź do: Robert Schuh <rv.s...@googlemail.com>
Do: Keycloak Dev <keyclo...@googlegroups.com>
Temat: Re: [keycloak-dev] Considering deprecating Keycloak Spring Boot
and Security adapters
Data: Sat, 11 Dec 2021 13:01:59 -0800 (PST)
Can you please shed some more light on your plans regarding springboot
in the context of authz/uma2 support?
Thanks!
--
Kind regards,
Błażej Adamczyk, Ph.D.
Silesian University of Technology
Institute of Computer Science
Akademicka 16
44-100 Gliwice, Poland
Phone: +48 601 180 169
PGP: 0xCBAF608AE20B06F2C172A853B70E6F797423F7B7 (pgp.mit.edu)
-------- Wiadomość oryginalna ----------
Od: 'Robert Schuh' via Keycloak Dev <keyclo...@googlegroups.com>
Odpowiedź do: Robert Schuh <rv.s...@googlemail.com>
Do: Keycloak Dev <keyclo...@googlegroups.com>
Temat: Re: [keycloak-dev] Considering deprecating Keycloak Spring Boot
and Security adapters
Data: Sat, 11 Dec 2021 13:01:59 -0800 (PST)
Message has been deleted
Stian Thorgersen
Dec 20, 2021, 1:25:32 PM12/20/21
to Błażej Adamczyk, Robert Schuh, pedroigor, Keycloak Dev
We will share more information as soon as we have it available. Rest assured we won't remove any adapters until we have found acceptable alternative solutions.
Reply all
Reply to author
Forward
0 new messages