ok, I want word 'Hacker' please find me parameter ;-)
word 'Linux' will use real number not integer but I'm not remember what to do this. some variable must be 'floor' cut / rouded. I canot find any real solution
remote_code
raise ValueError(
ValueError: Loading infly/OpenCoder-1.5B-Base requires you to execute the configuration file in that repo on your local machine. Make sure you have read the code there to avoid malicious use, then set the option `trust_remote_code=True` to remove this error.
In my experience KeyCloak can be a very mixed bag.
And if you are especially unlucky might be so painful to use that you could say it doesn't work.
But for a lot of use cases it does work well.
In some context it might safe you not just developer month, but years (e.g. certain use cases with certification/policy enforcement aspects).
But it also can be a story from running from one rough edge into another where you project lead/manager starts doubling or tripping any time estimate of stories involving Keycloak.
E.g. the REST API of Keycloak (for programmatic management of it) is very usable but full of inconsistencies and terrible badly documented (I mean there is a OpenAPI spec but it's very rarely giving you satisfying answers for the meaning of a listed parameter beyond a non descriptive 3 word description). (It's also improving with each version.)
Similar multi tenancy can be a pain, depending on what exactly you need. UMA can be grate or a catastrophe, again depending on your specific use cases. SSO User management can just fine or very painful. There is a UI for customizing the auth flow, but it has a ton of subtle internal/impl. detail constraints/mechanics not well documented which you have to know to effectively use it so if you can't copy past someones else solution or only need trivial changes this can be a huge trap (looking like a easy change but being everything but that)...
The build in mail templates work, but can get your mail delivery (silently) dropped (not sure why, maybe some scammers used Keycloak before).
The default user facing UI works but you will have to customize it even if just for consistent branding and it uses it's own Java specific rendering system (and consistent branding here isn't just a fancy looks goal, one of the first things though on scam avoidance courses for non technical people is, that if it looks very different it's probably a scam and you shouldn't log in).
I think Keycloak is somewhat of a no brainer for large teams, but can be a dangerous traps for very small teams.
I cannot agree more on the very mixed bag. In general, Keycloak is a very solid Authorization server. There is a very active community around Keycloak, and if one need an authorization server, they should consider picking it. We use it in an internal multi-tenant environment as a central customer authentication platform.
BUT there's also a lot of pain in using Keycloak, especially when you build on top of it.
One of the great things about Keycloak is, that it can be seen as an extendible platform. Nearly everything is customizable. However, it takes a lot of time and effort to learn the programming model and especially the documentation is a PITA. It has been even worse 2 years ago, but it's still a lot of fiddeling around and usual I find myself in reading the Keycloak source (which has a very mixed quality btw.) as no documentation is available.
Multi tenancy is indeed also a hard topic. We heavily utilize multiple realms (I think we should have hit 100 already) for that, but newer developments in Keycloak now offer an additional model based around organizations [1].
One thing that bothers me personally is that the storage model of keycloak does not offer zero-downtime migrations and the work on refactoring it has been paused for now.
Since we have a solution based on Keycloak, we deploy Keycloak regulary with every feature. However, the embedded infinispan cache makes this hard on scale as during redeployments Keycloak become unresponsive due to cache leader synchronization and eventually drops some caches, leading to user sessions being terminated. Fortunally Keycloak finally has support for an external Infinispan cache [2] and moved to protocol buffers for serialization [3], which should make upgrades smoother, and grounds the road to zero-downtime deployments.
After all this, let me emphasize that for most of it the Keycloak team is aware and is working hard in moving forward. I started using Keycloak with Version 11 and a lot has changed for the better.
> I think Keycloak is somewhat of a no brainer for large teams, but can be a dangerous traps for very small teams.
I would not agree on that. You don't necessarily need a large team for operating Keycloak and smaller teams are probably not that big of an issue. At least not for operating Keycloak. What I feel to be more a problem is, that many (at least of our) clients are not understanding OAuth 2.0 and OIDC well, and therefore puts a larger burdon on support work. Also there must be at least someone very knowledgable of Keycloak to give guidance to the rest of the team, but in general I would not say it's dangerous. We have even a team operating their own keycloak and using our keycloak to perform OIDC federation (don't ask me why tho, I never understood it).
> Also there must be at least someone very knowledgable of Keycloak to give guidance to the rest of the team
this is why I said large team, you need people with knowledge, but on small teams you likely can neither hire them (if the team already exist) or have resource to spare on giving someone a lot of time to get into it. And having just one specialist would be very risk to actually you need 1.5-2 people. Things become worse if you also need to have plugins and are not a Java workshop at all (as even if you don't write them you should review 3rd party plugins).
Through I guess that doesn't apply if you only do very straight forward thing, like no multi tenant no fancy anything, then a small team work well. too.
I mainly said it can be dangerous as small new startups are often on a very very tight time schedule so the delays yo can run into if you don't have a Keycloak expert can be quite hurtful for them.
We run Apereo CAS pretty successfully. Originally to use the CAS protocol, but now that CAS (the protocol) has been deprecated, we're slowly migrating to OIDC. One sort of weird note about Apereo CAS, OpenID Connect can return data in two format, nested and flat. CAS is the only server I've ever worked with, that defaults to nested. Almost no clients supports this, but the server can be reconfigured to use flat.
KeyCloak is also very good, but I'd run is as a container due to the quick release/update cycle. If I had to do our infrastructure over, I'd probably go for KeyCloak, just because it's the most used.
Yeah, we only have the one issuer, so it's not a concern. For pretty much every KeyCloak project I've done, we have also favored doing separate deployments for separate issuers, so I'd say it's not much of an issue, in most cases.
Regarding the optional standards, no. We've not run into an clients that would require or in many cases even support anything but the most basic OpenID Connect. I'm sure there's a point to supporting them, but I've never seen it being needed for your average use case.
Another closed source option, which can be self-hosted or used as a SaaS: FusionAuth (my employer). It also has a full featured plan which is free if you self host and is available via docker, etc.
Why Apple not open this system?
It would have been enough to let people use the old system 6. Apple never did localization for Polish and many other languages. It didn't add USB, etc. It could have been done today.
-- run within https://akkartik.itch.io/carousel
g = love.graphics
rect = g.rectangle
color = g.setColor
floor = math.floor
Limit = 13
Byo_yomi_period = 30 -- seconds
Curr_color = 'black'
Byo_yomi = {
black=0,
white=0,
}
Curr_time = 0
function car.update(dt)
if Byo_yomi.black == Limit or Byo_yomi.white == Limit then
return
end
Curr_time = Curr_time + dt
if Curr_time > Byo_yomi_period then
Byo_yomi[Curr_color] = Byo_yomi[Curr_color] + 1
Curr_time = Curr_time - Byo_yomi_period
end end
-- initialize space per side
local side_w = floor((Safe_width-60 - 100)/2)
-- initialize font size
local function font_size_for_chess_clock()
local font_size
local min_font_size = 20
local max_font_size = Safe_height
for i=1,100 do
if min_font_size >= max_font_size-5 then
break
end
font_size = floor((min_font_size+max_font_size)/2)
local font = g.newFont(font_size)
local w = font:getWidth('00:00:00')
if w < side_w then
min_font_size = font_size
elseif w > side_w then
max_font_size = font_size
elseif w == side_w then
break
end
end
return font_size
end
local large_font_size = font_size_for_chess_clock()
local large_font = g.newFont(large_font_size)
local small_font_size = 20
local small_font = g.newFont(small_font_size)
function car.draw()
local top = Menu_height+20
local x = 30
local height = Safe_height-80
local gutter_width = 100
-- black side
color(0.2,0.2,0.2)
rect('fill', x, top, side_w, height, 5,5)
color(1,1,1)
local y
if Byo_yomi.black < Limit - 10 then
y = top + (height-large_font_size)/2
print_centered(large_font, Byo_yomi.black, y, x, side_w)
if Curr_color == 'black' then
y = y + large_font_size + 10
print_centered(small_font, floor(Curr_time), y, x, side_w)
end
elseif Byo_yomi.black < Limit-1 then
y = top + (height - large_font_size*2 - 10)/2
local s = ('%d left'):format(Limit - Byo_yomi.black)
print_centered(large_font, s, y, x, side_w)
if Curr_color == 'black' then
y = y + large_font_size + 10
print_centered(large_font, floor(Curr_time), y, x, side_w)
end
elseif Byo_yomi.black == Limit-1 then
y = top + (height - large_font_size - 10 - small_font_size)/2
print_centered(small_font, "no time left", y, x, side_w)
if Curr_color == 'black' then
y = y + small_font_size + 10
print_centered(large_font, floor(Curr_time), y, x, side_w)
end
else
-- out of time; Byo_yomi.black == Limit
-- print nothing
end
-- white side
x = x + side_w + gutter_width
color(0,0,0)
rect('line', x, top, side_w, height, 5,5)
if Byo_yomi.white < Limit-10 then
y = top + (height-large_font_size)/2
print_centered(large_font, Byo_yomi.white, y, x, side_w)
if Curr_color == 'white' then
y = y + large_font_size + 10
print_centered(small_font, floor(Curr_time), y, x, side_w)
end
elseif Byo_yomi.white < Limit-1 then
y = top + (height - large_font_size*2 - 10)/2
local s = ('%d left'):format(Limit - Byo_yomi.white)
print_centered(large_font, s, y, x, side_w)
if Curr_color == 'white' then
y = y + large_font_size + 10
print_centered(large_font, floor(Curr_time), y, x, side_w)
end
elseif Byo_yomi.white == Limit-1 then
y = top + (height - large_font_size - 10 - small_font_size)/2
print_centered(small_font, "no time left", y, x, side_w)
if Curr_color == 'white' then
y = y + small_font_size + 10
print_centered(large_font, floor(Curr_time), y, x, side_w)
end
else
-- out of time; Byo_yomi.white == Limit
-- print nothing
end end
function print_centered(font, msg, y, left, width)
local w = font:getWidth(msg)
local x = left + (width-w)/2
g.setFont(font)
g.print(msg, x,y)
end
function car.mouse_press(x,y, b)
if Byo_yomi.black == Limit or Byo_yomi.white == Limit then
return
end
if y >= Menu_height + 20 then
if Curr_color == 'black' then
-- it's black's move
if x <= 30+side_w then
Curr_color = 'white'
Curr_time = 0
end
else
-- it's white's move
if x >= 30 + side_w + 100 then
Curr_color = 'black'
Curr_time = 0
end end end end
