Sounds like it would make sense for the SAML transient use-case you mentioned, but do we
have other use-cases for it? Wouldn't it be a fairly big change for a rare use-case?
Unless we start supporting IdP logins without provisioning an internal account, but that
would be a pretty big change as well for something we haven't had a request for.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 24 March, 2015 3:54:28 PM
Subject: [keycloak-dev] usersession-based UserModels
I'm thinking more and more we need UserSession based UserModels. This
would be the case where nothing is imported for a user with either
brokering or federation, but rather stored in memory for the duration of
the UserSession.
If user metadata (role mappings, etc.) is all obtained from external
sources, there really is no need to import the data and import is just a
huge performance hit.
I ran into this with "transient" nameid format and SAML brokering. In
this scenario the parent IDP generates a new userid each and every
login.  This is to define an anonymous user.  So, every time a user logs
in, it would create a brand new user in the Keycloak database.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
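
The trade-off discussed in this thread, as an added sketch that is not Keycloak code and not from either poster: a broker that imports users for stable NameIDs but keeps `transient` subjects only in memory for the life of the session. The `Broker` class, its dictionaries and the sample assertions are hypothetical and constructed for illustration; signature validation of the assertion is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def make_assertion(name_id, fmt, roles):
    """Build a constructed, unsigned assertion fragment (sample input only)."""
    values = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement><saml:Attribute Name="role">{values}'
            f'</saml:Attribute></saml:AttributeStatement></saml:Assertion>')

def parse_subject(assertion_xml):
    """Return (NameID value, NameID Format, role list) from an assertion."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    roles = [v.text for v in root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)]
    return name_id.text, name_id.get("Format"), roles

class Broker:
    """Hypothetical broker: user_db is persistent, sessions are in memory."""
    def __init__(self):
        self.user_db = {}    # stands in for the persistent user table
        self.sessions = {}   # session id -> user model, dropped at logout

    def login(self, session_id, assertion_xml):
        name_id, fmt, roles = parse_subject(assertion_xml)
        if fmt == TRANSIENT:
            # The IdP issues a new id per login, so importing would add a row
            # every time; keep the user model on the session instead.
            user = {"id": name_id, "roles": roles, "imported": False}
        else:
            user = self.user_db.setdefault(
                name_id, {"id": name_id, "roles": roles, "imported": True})
        self.sessions[session_id] = user
        return user

    def logout(self, session_id):
        self.sessions.pop(session_id, None)

def demo():
    broker = Broker()
    for i in range(3):  # one anonymous person, three logins, three fresh NameIDs
        broker.login(f"s{i}", make_assertion(f"_tmp{i}", TRANSIENT, ["guest"]))
        broker.logout(f"s{i}")
    for i in range(2):  # stable NameID: imported once, reused afterwards
        broker.login(f"p{i}", make_assertion("alice-7f3", PERSISTENT, ["staff"]))
    return len(broker.user_db), len(broker.sessions)
```
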