Re: [keycloak-dev] Mongo Replica Sets

I am not asking for support, I am proposing a change to the mongodb connection provider to support mongo replica sets. best Carsten ------------------------------ Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers Phone: +49 441 93602 -257 | Fax: +49 441 93602 -222 | E-Mail: Carsten.Saathoff(a)kisters.de | WWW: http://www.kisters.de ------------------------------ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. From: Stian Thorgersen <sthorger(a)redhat.com&gt; To: Carsten Saathoff <Carsten.Saathoff(a)kisters.de&gt;, Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org&gt; Date: 08/10/2015 12:00 Subject: Re: [keycloak-dev] Mongo Replica Sets Sent by: keycloak-dev-bounces(a)lists.jboss.org ------------------------------ Please use user mailing list for support On 8 October 2015 at 10:42, Carsten Saathoff < *Carsten.Saathoff(a)kisters.de* <Carsten.Saathoff(a)kisters.de&gt;&gt; wrote: Hi all, we are currently setting up a production system that uses keycloak as the Identity Provider. We use mongodb as the database for keycloak (since this is our main database), but require keycloak to also handle mongodb replica sets appropriately. Currently, when the primary changes in a mongo replica set, keycloak stops working, since it only connects to a single instance. I have a version of keycloak that uses a mongodb:// uri[1] to specify the mongo connection parameters in the keycloak configuration file. Since mongodb:// uris are a standard way of obtaining a mongo client, this naturally supports replica sets. The patch is only a couple of lines and seems to work. The only issue I have is that the MongoDB update seems to be broken in master currently. But this is also the case when I build keycloak without my patch, so I assume this to be an unrelated issue. The commit is available in my keycloak fork: *https://github.com/kodemaniak/keycloak/commit/6741dffe38c9c8d9fd8ca1e92cb15762666a607a* <https://github.com/kodemaniak/keycloak/commit/6741dffe38c9c8d9fd8ca1e92cb... Only the setup of the operational attributes is still missing for the configuration via uri, but it can easily be added. I would like to get this somehow into an official release, since I think that supporting replica sets is crucial in order to use keycloak with mongo in a production setup. Personally I think that specifying mongo connection parameters via mongodb:// uris is the most convenient way and it's standardized. So it could even be the only way of specifying the connection details IMHO. Since in the contribution section it's encouraged to first discuss such ideas on this mailing list prior to sending a pull request, I am sending this mail to receive any feedback. best Carsten [1] *http://docs.mongodb.org/manual/reference/connection-string/* <http://docs.mongodb.org/manual/reference/connection-string/> ------------------------------ Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers Phone: *+49 441 93602 -257* <%2B49%20441%2093602%20-257> | Fax: *+49 441 93602 -222* <%2B49%20441%2093602%20-222> | E-Mail: *Carsten.Saathoff(a)kisters.de* <Carsten.Saathoff(a)kisters.de&gt; | WWW: *http://www.kisters.de* <http://www.kisters.de/> ------------------------------ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. _______________________________________________ keycloak-dev mailing list *keycloak-dev(a)lists.jboss.org* <keycloak-dev(a)lists.jboss.org&gt; *https://lists.jboss.org/mailman/listinfo/keycloak-dev* <https://lists.jboss.org/mailman/listinfo/keycloak-dev> _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev