On 7/24/2014 7:55 PM, Bill Burke wrote:
On 7/23/2014 5:33 PM, Bill Burke wrote:
> * Going to have an import-attributes on/off switch. A keycloak->ldap
> attribute map will be required to be configured. If this switch is off,
> UserModel proxy will load attributes on demand.
I'm not going to do anything with attributes that doesn't already exist.
Picketlink requires property mappings to actual properties on an
actual class (User). Our LDAP federation will be a bit limited :(
Hopefully what we have is good enough. We can look at improving this
after 1.0.Final. Honestly I'd just like to write our own LDAP
abstraction. Once users start wanting to deal with claims, there's
going to be some stored in LDAP some stored in our store. Picketlink
just can handle this scenario dynamically. Everything must be
statically defined in a Java class and mapped with annotations.
Correction: Picketlink just *cannot* handle dynamic things.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com