<div dir="ltr"><div><div>That PR will be enough for me to get by for now. We've been using .pkcs12 files and including chains at times, so not positive that 2048 is going to be big enough. For now, I think that we'll just plan on dropping associated cert files with the SPI libraries. Shouldn't be too bad to do that, and maybe in the future we can look at extending that SPI to accommodate files?<br><br></div>The only other note I would have is that enumerated types aren't supported (I.E. as a dropdown with selectable values). I see where that won't be too difficult; I'll get together a PR for selectable options. Do you want me to file a FR for supporting file types for provider configuration?<br><br></div>In the end it would be really nice to have a fully extensible configuration mechanism (in the same ways that LDAP or kerberos are configured). For instance, LDAP configurations allow you to run validation to make sure your authentication works. I would (ideally) like to leverage a similar function for my federation provider. Not saying it's an essential, but would certainly add some polish to the federation provider SPI.<br><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><span><div><div>Josh Cain | Software Applications Engineer<br></div><i>Identity and Access Management</i><br></div><b>Red Hat</b><br>+1 843-737-1735<br></span></div></div></div>
<br><div class="gmail_quote">On Wed, Jan 13, 2016 at 9:28 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
I totally forgot about that PR. Are those PR changes good enough
for you? Can you live with just that new interface? I can change
and increase the value for user federation config to 2048 to support
things like certificate pem files. <br><div><div class="h5">
<br>
<div>On 1/13/2016 10:18 AM, Josh Cain wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>Bill,<br>
<br>
</div>
Thanks for the quick response.<br>
<br>
</div>
I do think it would be very useful for us if the federation
provider configuration were more verbose. I saw where some
work was done recently on this (<a href="https://github.com/keycloak/keycloak/pull/1973" target="_blank">PR-1973</a>)
to allow for better customization on labels and help texts and
such. Extending the REST endpoints for configuration could
potentially be useful as well. <br>
<br>
We're using certificate files for a portion of our
configuration, so we'd actually need to store the file objects
in the DB, as opposed to just parsing configuration files.<br>
<br>
</div>
Totally understand about feature freeze. Let me know what I can
do to help, I'm still getting my feet wet with Keycloak, but
don't mind jumping in when necessary.<br>
<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr"><span>
<div>
<div>Josh Cain | Software Applications Engineer<br>
</div>
<i>Identity and Access Management</i><br>
</div>
<b>Red Hat</b><br>
<a href="tel:%2B1%20843-737-1735" value="+18437371735" target="_blank">+1 843-737-1735</a><br>
</span></div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Jan 13, 2016 at 8:41 AM, Bill
Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Right now, you're
going to have to modify app.js, I can refactor app.js so
you don't have to modify it, but, you'll have to wait
until next release to get these changes.<br>
<br>
Unfortunately, the UserFederationProvider only supports
name/value pairs for configuration and a max size for
Value of 255 characters. I can expand the SPI to allow
you to plug ina backend REST service that would allow you
to parse the file and add the appropriate config, but at
this time, we can't really provide a brand new config
model for UserFederation as this is supposed to be feature
freeze right now.
<div>
<div><br>
<br>
<div>On 1/12/2016 5:56 PM, Josh Cain wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>Hi all,<br>
<br>
</div>
I've got a UserFederationProvider that needs
6-8 configuration elements, to include
enumerated types and even a couple of
files. I'd like to keep the configuration
of this provider in the Keycloak admin
console, but am not sure how to do so.<br>
<br>
</div>
I've read through the <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/themes.html" target="_blank">themes documentation</a>,
but I have not been able to find a suitable
solution. I thought of just dropping a new
partial in there to handle more
straightforward configuration items like
enumerated types, but couldn't find a way to
do so without having to override the entire
app.js. What's more, I was not certain if
Keycloak was already set up to handle
something like a File object in the REST/DB
backend.<br>
</div>
<br>
</div>
I suppose my question boils down to "How can I
integrate enumerated and file type configuration
options for my UserFederationProvider into the
Keycloak administration system?" Any help would
be much appreciated - thanks!<br>
<div>
<div>
<div>
<div><br clear="all">
<div>
<div>
<div>
<div dir="ltr"><span>
<div>
<div>Josh Cain | Software
Applications Engineer<br>
</div>
<i>Identity and Access
Management</i><br>
</div>
<b>Red Hat</b><br>
<a href="tel:%2B1%20843-737-1735" value="+18437371735" target="_blank">+1
843-737-1735</a><br>
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</font></span></div>
<br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</div></div></div>
</blockquote></div><br></div>