[keycloak-dev] Provider config

Bill Burke bburke at redhat.com
Tue Jul 22 09:04:56 EDT 2014


Can you keep the KeycloakSession/Provider SPIs backward compatible while 
you do this?

On 7/22/2014 5:56 AM, Stian Thorgersen wrote:
> We need to add a generic provider config mechanism. It should be possible to configure providers at two levels:
>
> * Server - through keycloak-server.json
> * Realm  - through RealmProvider
>
> With regards to server we already have this. It requires editing the keycloak-server.json and restarting the server. IMO that's fine for now, and we can consider adding support for doing this at runtime through the admin console in the future.
>
> For realm config (which would be needed for ldap) I propose that we add a ProviderConfigModel to RealmProvider. The ProviderConfigModel consists of:
>
> * RealmModel realm
> * String spi
> * String provider
> * Map<String, String> config
>
> We need to add admin endpoints to add/update provider configs as well as making it possible to edit these through the admin console. We should add a method to the provider factory:
>
> * List<ConfigOption> getConfigOptions - this will return the configuration options the provider can support
>
> ConfigOption will include (we could also add support for validation):
>
> * String key
> * String label
>
> On the admin console I propose we add a Provider config page. The page will list out all available SPIs, once you select an SPI it will list out all available providers. You can then click on individual providers to get a form to edit the provider config. The form will use the getConfigOptions to know what labels/input fields to add.
>
> Further, we need to make some changes to KeycloakSession/ProviderFactory to support realm config. We could change ProviderFactory.create(KeycloakSession session) to ProviderFactory.create(KeycloakSession session, String realmId, Config.Scope realmConfig). This allows a provider to either share resources (i.e. connections) with multiple realms, or if it wants different connections per-realm it can handle that internally (for example in a map using realmId as the key).

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
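
The per-realm factory idea from the quoted proposal, as an added sketch that is not code from this thread or from Keycloak: every type below is a hypothetical stand-in, with Config.Scope simplified to a Map<String, String> and RealmModel reduced to a realm id string. It checks submitted keys against getConfigOptions and keeps one connection per realmId; the SPI name, realm ids and URLs are constructed sample values.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class RealmProviderConfigSketch {
    // Hypothetical stand-ins for the types proposed in the thread.
    record ConfigOption(String key, String label) {}
    record ProviderConfigModel(String realmId, String spi, String provider, Map<String, String> config) {}
    record LdapConnection(String realmId, String url) {}   // placeholder for a real connection

    static class LdapProviderFactory {
        private final Map<String, LdapConnection> perRealm = new ConcurrentHashMap<>();

        List<ConfigOption> getConfigOptions() {
            return List.of(new ConfigOption("connectionUrl", "Connection URL"),
                           new ConfigOption("bindDn", "Bind DN"));
        }

        // Reject keys the provider never declared, so stored realm config
        // cannot carry options the provider does not know how to handle.
        void validate(ProviderConfigModel model) {
            for (String key : model.config().keySet()) {
                if (getConfigOptions().stream().noneMatch(o -> o.key().equals(key))) {
                    throw new IllegalArgumentException("Unknown config key: " + key);
                }
            }
        }

        // Per-realm create: each realmId gets its own cached connection,
        // built only from that realm's config (map keyed by realmId).
        LdapConnection create(String realmId, Map<String, String> realmConfig) {
            return perRealm.computeIfAbsent(realmId,
                    id -> new LdapConnection(id, realmConfig.get("connectionUrl")));
        }
    }

    public static void main(String[] args) {
        LdapProviderFactory factory = new LdapProviderFactory();
        // Constructed sample configs for two realms.
        var a = new ProviderConfigModel("realm-a", "federation", "ldap", Map.of("connectionUrl", "ldap://a.example.test"));
        var b = new ProviderConfigModel("realm-b", "federation", "ldap", Map.of("connectionUrl", "ldap://b.example.test"));
        for (var m : List.of(a, b)) {
            factory.validate(m);
            System.out.println(factory.create(m.realmId(), m.config()));
        }
        var bad = new ProviderConfigModel("realm-a", "federation", "ldap", Map.of("debugShell", "true"));
        try { factory.validate(bad); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```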

