[keycloak-dev] usersession-based UserModels

Stian Thorgersen stian at redhat.com
Wed Mar 25 01:55:04 EDT 2015


Sounds like it would make sense for the SAML transient use-case you mentioned, but do we have other use-cases for it? Wouldn't it be a fairly big change for a rare use-case?

Unless we start supporting IdP logins without provisioning an internal account, but that would be a pretty big change as well for something we haven't had a request for.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 24 March, 2015 3:54:28 PM
> Subject: [keycloak-dev] usersession-based UserModels
> 
> I'm thinking more and more we need UserSession based UserModels.  This
> would be the case where nothing is imported for a user with either
> brokering or federation, but rather stored in memory for the duration of
> the UserSession.
> 
> If user metadata (role mappings, etc.) is all obtained from external
> sources, there really is no need to import the data and import is just a
> huge performance hit.
> 
> I ran into this with "transient" nameid format and SAML brokering.  In
> this scenario the parent IDP generates a new userid each and every
> login.  This is to define an anonymous user.  So, every time a user logs
> in, it would create a brand new user in the Keycloak database.
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 

