Re: [keycloak-dev] Proper handling of read only users from user storage
That's far from ideal. Dealing with this through an exception is horrible.
I've said several times that all we need at minimum is a way for a provider
to tell Keycloak if it's read or read/write. A boolean is fine for now.
Once we had that it would take an hour or two to do the UI work.
On 2 December 2016 at 15:15, Bill Burke <bburke(a)redhat.com> wrote:
All we're going to be able to implement is better handling of
the
ReadOnlyException. I just don't have time to do UI work, it takes too
long. As it is, many providers will be hybrid, that will be both read-only
and writable depending on the attribute, role, credential type, or
whatever. LDAP is a perfect example where attributes and role/group
mappings can be read only or writable in the same deployment. So, anything
more elegant will require reworking LDAP as well.
On 12/1/16 5:59 AM, Stian Thorgersen wrote:
> We should solve the following issues for 2.5.0:
>
> https://issues.jboss.org/browse/KEYCLOAK-3060
> https://issues.jboss.org/browse/KEYCLOAK-3613
>
> The current behavior of showing a form and throwing an error is not very
> elegant and this should be resolved before as part of user storage SPI work.
>