Re: [keycloak-dev] Provider config

From: "Bill Burke" <bburke(a)redhat.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Tuesday, 22 July, 2014 2:04:56 PM Subject: Re: [keycloak-dev] Provider config Can you keep the KeycloakSesion/Provider SPIs backward compatible while you do this?

On 7/22/2014 5:56 AM, Stian Thorgersen wrote: > We need to add a generic provider config mechanism. It should be possible > to configure providers at two levels: > > * Server - through keycloak-server.json > * Realm - through RealmProvider > > With regards to server we already have this. It requires editing the > keycloak-server.json and restarting the server. IMO that's fine for now, > and we can consider adding support for doing this at runtime through the > admin console in the future. > > For realm config (which would be needed for ldap) I propose that we add a > ProviderConfigModel to RealmProvider. The ProviderConfigModel consists of: > > * RealmModel realm > * String spi > * String provider > * Map<String, String> config > > We need to add an admin endpoints to add/update provider configs as well as > making it possible to edit these through the admin console. We should add > a method to the provider factory: > > * List<ConfigOption> getConfigOptions - this will return the configuration > options the provider can support > > ConfigOption will include (we could also add support for validation): > > * String key > * String label > > On the admin console I propose we add a Provider config page. The page will > list out all available SPIs, once you select an SPI it will list out all > available providers. You can then click on individual providers to get a > form to edit the provider config. The form will use the getConfigOptions > to know what labels/input fields to add. > > Further, we need to make some changes to KeycloakSession/ProviderFactory to > support realm config. We could change > ProviderFactory.create(KeycloakSession session) to > ProviderFactory.create(KeycloakSession session, String realmId, > Config.Scope realmConfig). This allows a provider to either share > resources (i.e. connections) with multiple realms, or if it wants > different connections per-realm it can handle that internally (for example > in a map using realmId as the key). > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev