In case it could help , for our limited case, we would like the possibility to fetch
client configuration from ldap (and secret).
Historically, we manage application account (and roles) in ldap. Having keycloak able to
retrieve those from ldap would be a huge help.
Personnally, I'd like to use keycloak as an orchestrator (very good at that) between
different "store", without state.
Le Mardi, Juin 11, 2019 12:49 CEST, Stian Thorgersen <sthorger(a)redhat.com> a écrit:
We are planning a bigger rework of the storage layer in the future as
of Keycloak .Next.
With that in mind you should rather follow the discussion around that as it
unfolds over the next few months.
For the current implementation we can be open to smaller stuff, but not big
Finishing the client storage API may be useful, but to be honest not many
people have been interested here. I'd rather see a simpler client store
where it's easier to replace with a custom store. I don't think there's
need to federate multiple client stores for a single realm.
For LDAP I'm not sure what you mean about separate core and user stuff. It
is only a user store, at least now. Are you perhaps thinking about storing
clients in LDAP?
On Sat, 8 Jun 2019 at 08:46, Justin Gross <jgross.biz(a)gmail.com> wrote:
> Good afternoon, good evening and good morning everyone! I am Justin and
> I’d like to start contributing to Keycloak.
> Is there anyone on the list that is interested in the continuing
> development of Client Storage SPI? (KEYCLOAK-6408 in JIRA)
> If you answered yes to the above, what storage systems/software are you
> interested in using for client storage?
> Preparing to take on some of the things listed in KEYCLOAK-6408.
> I am in the middle of a lite refactoring of some useful things which are
> currently specific to user storage federation such as
> SynchronizationResult, ImportSynchronization, etc… so they can be used by
> the yet to be finished Client Storage API.
> I also plan to refactor some of the LDAP federation stuff so that the user
> specific stuff is separate from the core LDAP functionality itself.
> Eventually I want to use LDAP to store client configuration and there’s a
> lot of useful LDAP functionality stashed away in the user federation stuff.
> Thank you,
> Justin Gross
> keycloak-dev mailing list
keycloak-dev mailing list