Re: RFC: Keycloak project presentation
Christopher LILJENSTOLPE <cdl@...>
toggle quoted message Show quoted text
Sorry I could not make the call today, but I did want to raise some concerns I have had over Keycloak. One is the fact that, at heart, it is still a login/password system. There is some ability to add MFA, but right now it is not really part of the standard mechanics, as far as I can see, and certainly does not allow multiple MFA capabilities - which is rapidly becoming a requirement and 'expected' behavior of an auth system. I know there are issues open to look at this, but it seems as if there is no consensus within the keycloak community as to how to address those capabilities/requirements.
Without a clear path to enable more modern authentication practices, I'm pretty sure I wouldn't be able to support (I'm non-binding) adoption.
On Tue, Apr 9, 2019 at 8:47 AM Chris Aniszczyk <caniszczyk@...> wrote:
The Keycloak project presented today:
Co-Founder & CTO, Solutions Tigera cdl@... | @liljenstolpe | @liljenstolpe Follow us: Blog | Twitter | LinkedIn
Zero Trust Network Security & Continuous Compliance for Modern Applications