[keycloak-dev] almost done with my UserFederation work

Bill Burke bburke at redhat.com
Thu Jul 31 17:57:02 EDT 2014


General changes:

* method signatures have changed a little on UserFederationProvider
* UserFederationProviderModel exposes priority and display name. 
Display name is what will be shown in the federation provider list in 
the admin console.  It defaults to the id of the provider.
* UserFederationProviderFactory now has a getOptions() method.  This 
lists attributes available for configuration on generic HTML page. 
(Same as auth provider did).

LDAP changes:

* LDAPFederationProvider has new config option called EditMode
  - READ_ONLY mode.  Exception will be thrown if UserModel.setFirst, 
    Last, Email, or Username is called.  Also, if update of password is 
    performed.
  - WRITEABLE mode.  Calls LDAP server to update those 4 attributes and 
    password.
  - UNSYNCED mode.  Doesn't callback to LDAP server to update.  Password 
    can be overridden locally.
* LDAPFederationProvider has new config option syncRegistrations 
true/false.  If set to true, if the provider has priority, any addUser() 
call will add the user to LDAP too.



UI work:
* There is an LDAP specific screen
* There is a generic user federation provider configuration screen
* Searches now query user providers and should show up on user list page.
* View user page will show a link back to the User Federation Provider 
if the user has been loaded via federation.

Left to be done:
* Behavior on when a provider is deleted.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
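
The three EditMode behaviours described in the message above, as an added example that is not part of the original post and is not Keycloak code. The class names, the map-backed stores, the exception type and the rule that a local override is read before the directory value are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of the three edit modes from the message; not Keycloak's API.
public class EditModeDemo {
    enum EditMode { READ_ONLY, WRITEABLE, UNSYNCED }
    // Wraps one federated user. "ldap" stands in for the directory entry,
    // "local" for values kept only in the local store.
    static class FederatedUser {
        private final EditMode mode;
        final Map<String, String> ldap;
        final Map<String, String> local = new HashMap<>();
        FederatedUser(EditMode mode, Map<String, String> ldapEntry) {
            this.mode = mode;
            this.ldap = ldapEntry;
        }
        // One setter models first name, last name, email, username and password.
        void set(String attr, String value) {
            switch (mode) {
                case READ_ONLY:
                    throw new IllegalStateException("federated user is read-only: " + attr);
                case WRITEABLE:
                    ldap.put(attr, value);   // write through to the directory
                    break;
                case UNSYNCED:
                    local.put(attr, value);  // local override, directory untouched
                    break;
            }
        }
        // Assumption: a local override, when present, wins over the directory value.
        String get(String attr) {
            return local.getOrDefault(attr, ldap.get(attr));
        }
    }

    public static void main(String[] args) {
        for (EditMode mode : EditMode.values()) {
            // Constructed sample directory entry.
            Map<String, String> entry = new HashMap<>(Map.of("email", "old@example.org"));
            FederatedUser user = new FederatedUser(mode, entry);
            try {
                user.set("email", "new@example.org");
            } catch (IllegalStateException e) {
                System.out.println(mode + " rejected: " + e.getMessage());
            }
            System.out.println(mode + " view=" + user.get("email") + " ldap=" + entry.get("email"));
        }
    }
}
```

Running it shows the point that matters for operations: in UNSYNCED mode the value seen locally and the value held in the directory diverge, so a locally overridden password is no longer governed by what the LDAP server stores.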

