I’d like to officially announce the new project I’m co-leading with Stian Thorgersen: Keycloak!  Some of you may already have heard hints about this on the RESTEasy dev list, but since July I’ve been working with some great Red Hat guys (Stian, Gabriel, Villiam, Bolek, Alexandre, and Marek) to put together an SSO solution for browser, social, and REST service applications.  There is no release yet!  But we’re getting close to releasing our first Alpha.

Check out our screencast presentation and demo of what we’ve got and what we’re doing:

Here’s a list of features we have or are planning to add over the coming months.

  • SSO and Single Log Out for browser applications
  • Social Broker.  Enable Google, Facebook, Yahoo, Twitter social login with no code required.
  • Optional User Registration
  • Password and TOTP support (via Google Authenticator).  Client cert auth coming soon.
  • OAuth Bearer token auth for REST Services
  • Integrated Browser App to REST Service token propagation
  • OAuth 2.0 Grant requests
  • CORS Support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata.  Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
  • Deployable as a WAR, appliance, or an OpenShift cloud service (SaaS).
  • Supports JBoss AS7, EAP 6.x, and WildFly applications.  Plans to support Node.js, Rails, Grails, and other non-Java applications.

We would love to see anybody interested drop by on the keycloak-dev email list.  We’re looking to do our first alpha release sometime before Christmas.  The code was taken from the RESTEasy OAuth work I did earlier this year as well as the social broker service Stian Thorgersen and the portal team were prototyping early this year.  We’re also trying to leverage PicketLink where appropriate.