Re: RFC: Keycloak project presentation

Christopher LILJENSTOLPE <cdl@...>


Sorry I could not make the call today, but I did want to raise some concerns I have had over Keycloak.  One is the fact that, at heart, it is still a login/password system.  There is some ability to add MFA, but right now it is not really part of the standard mechanics, as far as I can see, and certainly does not allow multiple MFA capabilities - which is rapidly becoming a requirement and 'expected' behavior of an auth system.  I know there are issues open to look at this, but it seems as if there is no consensus within the keycloak community as to how to address those capabilities/requirements.

Without a clear path to enable more modern authentication practices, I'm pretty sure I wouldn't be able to support (I'm non-binding) adoption.


On Tue, Apr 9, 2019 at 8:47 AM Chris Aniszczyk <caniszczyk@...> wrote:
The Keycloak project presented today:

The TOC, especially Joe had some questions on how Keycloak was
deployed on Wildfly (vs the RHT enterprise version of that). This
project is also fairly high up the stack compared to what we normally
accept in CNCF imho. We also didn't have a full roster of TOC members
so I'd like to ensure we have a wide set of eyes on this topic.

Jeff was also interested in being one of the sponsors for the sandbox

Anyways, wanted to move the discussion to the mailing list.

Chris Aniszczyk (@cra) | +1-512-961-6719

Co-Founder & CTO, Solutions
cdl@... | @liljenstolpe | @liljenstolpe
Follow us: Blog  | Twitter | LinkedIn

Zero Trust Network Security & Continuous Compliance for Modern Applications

Join { to automatically receive all group messages.