Not sure if this would be a rare case. Right now our solution is a bit
heavyweight when we have external systems (brokered or
UserFederationProvider) as we require a lot of database writes for those
that log in for the 1st time. I don't think users have hit this yet
because they haven't hit us with a lot of requests.
On 3/25/2015 1:55 AM, Stian Thorgersen wrote:
Sounds like it would make sense for the SAML transient use-case you
mentioned, but do we have other use-cases for it? Wouldn't it be a fairly big change
for a rare use-case?
Unless we start supporting IdP logins without provisioning an internal account, but that
would be a pretty big change as well for something we haven't had a request for.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 24 March, 2015 3:54:28 PM
> Subject: [keycloak-dev] usersession-based UserModels
>
> I'm thinking more and more we need UserSession based UserModels. This
> would be the case where nothing is imported for a user with either
> brokering or federation, but rather stored in memory for the duration of
> the UserSession.
>
> If user metadata (role mappings, etc.) is all obtained from external
> sources, there really is no need to import the data and import is just a
> huge performance hit.
>
> I ran into this with "transient" nameid format and SAML brokering. In
> this scenario the parent IDP generates a new userid each and every
> login. This is to define an anonymous user. So, every time a user logs
> in would create a brand new user in the keycloak database.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
>
http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com