+1 for have unified mapper for properties and attributes. That's very easy to do, we can just fallback to setAttribute/getAttribute if there is not property . LDAP UserAttribute mapper is already unified and is doing like that.

Having the basic attributes in separate table might theoretically have some performance impact. For example if email is stored as attribute, then each searching by email needs to join 2 tables instead of one. There is also DB constraint to enforce unique email. So maybe at least email worth to keep as it is?


On 18/03/16 13:36, Stian Thorgersen wrote:

+1 Makes sense to me. Especially the part of not having two different mappers. It could still be useful to have a get/set for common attributes, but they would just pass through to attributes rather than separate fields.

On 18 Mar 2016 1:17 p.m., "Vlastimil Elias" <velias@redhat.com> wrote:

as part of planned persistence storage SPI changes we talked about on
f2f we should probably consider removing of first name, last name and
email from UserModel property, but implement them as normal user
attributes with predefined names.

This unification should simplify few things, for example separate
mappers for attributes and properties in Clients and Identity Providers
configuration, which may be hard to understand for beginners (questions
like "what the hell is difference between user properties and
attributes?", "What user properties are available there?").

This should also simplify implementation of User profile validation SPI
we talked about on f2f meeting.

What do you think?


Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team

keycloak-dev mailing list

keycloak-dev mailing list