[keycloak-dev] Proper handling of read only users from user storage
Stian Thorgersen
sthorger at redhat.com
Fri Dec 2 10:36:02 EST 2016
Can we with confidence do this early in 3.x without having to change the
user storage SPI? If so I've got no issue with postponing it to 3.x.
On 2 December 2016 at 16:30, Stian Thorgersen <sthorger at redhat.com> wrote:
> That's far from ideal. Dealing with this through an exception is horrible.
> I've said several times that all we need at minimum is a way for a provider
> to tell Keycloak if it's read or read/write. A boolean is fine for now.
> Once we had that it would take an hour or two to do the UI work.
>
> On 2 December 2016 at 15:15, Bill Burke <bburke at redhat.com> wrote:
>
>> All we're going to be able to implement is better handling of the
>> ReadOnlyException. I just don't have time to do UI work, it takes too
>> long. As it is, many providers will be hybrid, that will be both read-only
>> and writable depending on the attribute, role, credential type, or
>> whatever. LDAP is a perfect example where attributes and role/group
>> mappings can be read only or writable in the same deployment. So, anything
>> more elegant will require reworking LDAP as well.
>>
>>
>>
>> On 12/1/16 5:59 AM, Stian Thorgersen wrote:
>>
>>> We should solve the following issues for 2.5.0:
>>>
>>> https://issues.jboss.org/browse/KEYCLOAK-3060
>>> https://issues.jboss.org/browse/KEYCLOAK-3613
>>>
>>> The current behavior of showing a form and throwing an error is not very
>>> elegant and this should be resolved before as part of user storage SPI work.
>>>
>>
>>
>
More information about the keycloak-dev
mailing list