[keycloak-dev] Mongo Replica Sets

Carsten Saathoff Carsten.Saathoff at kisters.de
Fri Oct 9 02:28:04 EDT 2015 

Yes, you are right. I will update that.

best

Carsten

--------------------------------------------------------------------------------------------------------------------------------------------
 Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany
Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
Phone: +49 441 93602 -257 | Fax: +49 441 93602 -222 | E-Mail: Carsten.Saathoff at kisters.de | WWW: http://www.kisters.de
--------------------------------------------------------------------------------------------------------------------------------------------
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. 
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

From:   Marek Posolda <mposolda at redhat.com>
To:     stian at redhat.com, Carsten Saathoff <Carsten.Saathoff at kisters.de>, 
Cc:     keycloak-dev <keycloak-dev at lists.jboss.org>
Date:   09/10/2015 06:10
Subject:        Re: [keycloak-dev] Mongo Replica Sets
Sent by:        keycloak-dev-bounces at lists.jboss.org



Just one minor thing, it looks to me that when you introduce "uri" in the 
configuration, the operationalInfo won't be filled. This operationInfo is 
used for admins for debugging server status and can be shown for example 
from admin console. Could you improve PR to ensure it is filled?

Thanks,
Marek

On 08/10/15 19:15, Stian Thorgersen wrote:
Sorry, I scanned it to a bit to quick. 

Your patch looks good, create a PR and we'll merge it.

On 8 October 2015 at 12:24, Carsten Saathoff <Carsten.Saathoff at kisters.de> 
wrote:
I am not asking for support, I am proposing a change to the mongodb 
connection provider to support mongo replica sets. 

best 

Carsten 
Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany
Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns 
Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
Phone: +49 441 93602 -257 | Fax: +49 441 93602 -222 | E-Mail: 
Carsten.Saathoff at kisters.de | WWW: http://www.kisters.de Diese E-Mail 
enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie 
nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten 
haben, informieren Sie bitte sofort den Absender und vernichten Sie diese 
Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail 
ist nicht gestattet. 
This e-mail may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this e-mail in error) 
please notify the sender immediately and destroy this e-mail. Any 
unauthorised copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden. 



From:        Stian Thorgersen <sthorger at redhat.com> 
To:        Carsten Saathoff <Carsten.Saathoff at kisters.de>, 
Cc:        keycloak-dev <keycloak-dev at lists.jboss.org> 
Date:        08/10/2015 12:00 
Subject:        Re: [keycloak-dev] Mongo Replica Sets 
Sent by:        keycloak-dev-bounces at lists.jboss.org 




Please use user mailing list for support 

On 8 October 2015 at 10:42, Carsten Saathoff <Carsten.Saathoff at kisters.de> 
wrote: 
Hi all, 

we are currently setting up a production system that uses keycloak as the 
Identity Provider. We use mongodb as the database for keycloak (since this 
is our main database), but require keycloak to also handle mongodb replica 
sets appropriately. Currently, when the primary changes in a mongo replica 
set, keycloak stops working, since it only connects to a single instance. 

I have a version of keycloak that uses a mongodb:// uri[1] to specify the 
mongo connection parameters in the keycloak configuration file. Since 
mongodb:// uris are a standard way of obtaining a mongo client, this 
naturally supports replica sets. The patch is only a couple of lines and 
seems to work. The only issue I have is that the MongoDB update seems to 
be broken in master currently. But this is also the case when I build 
keycloak without my patch, so I assume this to be an unrelated issue. 

The commit is available in my keycloak fork: 

https://github.com/kodemaniak/keycloak/commit/6741dffe38c9c8d9fd8ca1e92cb15762666a607a 


Only the setup of the operational attributes is still missing for the 
configuration via uri, but it can easily be added. 

I would like to get this somehow into an official release, since I think 
that supporting replica sets is crucial in order to use keycloak with 
mongo in a production setup. Personally I think that specifying mongo 
connection parameters via mongodb:// uris is the most convenient way and 
it's standardized. So it could even be the only way of specifying the 
connection details IMHO. 

Since in the contribution section it's encouraged to first discuss such 
ideas on this mailing list prior to sending a pull request, I am sending 
this mail to receive any feedback. 

best 

Carsten 

[1] http://docs.mongodb.org/manual/reference/connection-string/ 

Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany
Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns 
Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
Phone: +49 441 93602 -257 | Fax: +49 441 93602 -222 | E-Mail: 
Carsten.Saathoff at kisters.de | WWW: http://www.kisters.de Diese E-Mail 
enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie 
nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten 
haben, informieren Sie bitte sofort den Absender und vernichten Sie diese 
Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail 
ist nicht gestattet. 
This e-mail may contain confidential and/or privileged information. If you 
are not the intended recipient (or have received this e-mail in error) 
please notify the sender immediately and destroy this e-mail. Any 
unauthorised copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden. 
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev 
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev 



_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151009/e6bf453b/attachment-0001.html

More information about the keycloak-dev mailing list