[keycloak-dev] User SPI cache policies
Stian Thorgersen
sthorger at redhat.com
Mon Oct 31 08:51:51 EDT 2016
On 31 October 2016 at 13:49, Bill Burke <bburke at redhat.com> wrote:
>
>
> On 10/31/16 1:48 AM, Stian Thorgersen wrote:
>
>> What about evict on authenticate (load from store when user
>> authenticates)? I think that would be the most useful policy.
>>
>> That would need to be implemented at the authenticator level.
Implementation details aside, should we not have it? It seems like the most
likely time you want to fetch the user and especially credentials.
>
>
> Should we have the same type of policy support on the KC database?
>>
>> Thought about that, but isn't this already configured via infinispan?
>
Yes/no. It's configured globally for all realms and can't easily be
reconfigured through the admin console at runtime.
More information about the keycloak-dev
mailing list