<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Deprecating and leaving for awhile, not sure how long. Product
relies on LDAP plugin so we might have to keep the SPI, just not
document or support it. It will be refactored here and there
though to streamline the model api.</p>
<p>New SPI already exists in parallel with old fed spi in 2.1.0 and
in master.<br>
</p>
<br>
<div class="moz-cite-prefix">On 8/11/16 5:13 PM, Scott Rossillo
wrote:<br>
</div>
<blockquote
cite="mid:3A675D7C-4F43-402A-B2CD-88D9B7F51341@smartling.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div class="">Bill, you’re planning to remove user federation
support? Did I read that correctly?</div>
<br class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space; -webkit-line-break:
after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">Scott Rossillo</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">Smartling | Senior
Software Engineer</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class=""><a
moz-do-not-send="true"
href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">
</div>
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Aug 11, 2016, at 4:51 PM, Bill Burke <<a
moz-do-not-send="true" href="mailto:bburke@redhat.com"
class="">bburke@redhat.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class=""><br class="">
<br class="">
On 8/11/16 4:33 PM, Bruno Oliveira wrote:<br class="">
<blockquote type="cite" class="">On 2016-08-11, Bill Burke
wrote:<br class="">
<blockquote type="cite" class="">IMO, you don't need to
put a lot of work into this as UserFederation SPI<br
class="">
is going to be deprecated.<br class="">
</blockquote>
Thanks Bill, will replace it at SSSD federation
provider.<br class="">
</blockquote>
I'm currently working on revamping credential storage and
validation. <br class="">
Hope to get to documentation right after than. If you
look tat the <br class="">
example though, you can pick and choose which interfaces
you want to <br class="">
implement. If you just want to make a user available for
lookup for <br class="">
login, just implement that interface. If you want admin
console <br class="">
support, implement another interface.<br class="">
<br class="">
<blockquote type="cite" class="">
<blockquote type="cite" class="">Here's an example of
new UserStorageProvider SPI. Its very similar.<br
class="">
<br class="">
<a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa"
class="">https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa</a><br
class="">
<br class="">
There will be no more importing of users. If you
think about it, what<br class="">
we had before was a persistent cache, which IMO,
doesn't make much<br class="">
sense. The biggest reason for imports was it made
querying easier, but<br class="">
I think I've got a solution for that implemented,
albeit an inefficient<br class="">
one for large role sets.<br class="">
</blockquote>
Should we just put the idea to bed for now?<br class="">
</blockquote>
For userFed SPI, yes...but the new stuff needs review.<br
class="">
<br class="">
<blockquote type="cite" class="">
<blockquote type="cite" class="">What I think we will
need is a common exception i.e. ModelReadOnly or<br
class="">
something and have it handled gracefully in the admin
console and rest API.<br class="">
</blockquote>
Maybe I'm oversimplifying and missing the big picture.
But why not have a<br class="">
UserModel with boolean field like "editable"? Something
close to what we<br class="">
have today for enabled/disabled users.<br class="">
</blockquote>
<br class="">
Some implementations may only be readonly for certain
attributes, <br class="">
properties, and/or credentials. For example, LDAP might
be read-only, <br class="">
but the provider may be storing other things within
Keycloak.<br class="">
<br class="">
Bill<br class="">
_______________________________________________<br
class="">
keycloak-dev mailing list<br class="">
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org" class="">keycloak-dev@lists.jboss.org</a><br
class="">
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br
class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br>
</body>
</html>