On 10/29/2014 11:23 AM, Juraci Paixão Kröhling wrote:
> On 10/28/2014 04:54 PM, Stian Thorgersen wrote:
> > 3. CatalinaSessionTokenStore.checkCurrentToken - can you figure
> > out the realm if the session was serialized? When adapter is
> > clustered we support serializing the session
>
> I'm then changing one of the SecurityContexts to include the
> realm, so that it gets de-serialized with this information. Now,
> the question is whether it is more appropriate to add it to
> KeycloakSecurityContext or RefreshableKeycloakSecurityContext. On
> the superclass (KeycloakSecurityContext), I have access only to
> IdToken and AccessToken. I believe both have ways to retrieve the
> realm (issuer, I believe), but I don't know how reliable this is. I
> remember seeing a post from Bill on keycloak-user that it should be
> changed to a URL, not the realm name. On the subclass, however, I
> have access to the KeycloakDeployment, which provides the realm in
> the exact way that it was originally configured.

About this one: I added a new constructor parameter to the superclass,
as all callers did have access to the realm name. So, provided that
storing the realm on the security context is appropriate, this is solved.

- Juca.