On 7.9.2013 00:06, Bill Burke wrote:
On 9/6/2013 5:59 PM, Marek Posolda wrote:
> Actually in RealmModel there are methods:
>
> String getId();
> String getName();
> void setName(String name);
>
>
> and in KeycloakSession there are methods:
>
> RealmModel createRealm(String name);
This will autoomatically generate an ID.
> RealmModel createRealm(String id, String name);
Allows you to provide an ID and name when creating a realm. Great for
setting up our demo example application!
> RealmModel getRealm(String id);
>
>
> There is also quite strange mapping as model attribute "id" is mapped in
> Picketlink partition as "name" and model attribute "name" is
mapped in
> Picketlink as "realmName" (I used something similar for my MongoDB
> prototype as well).
>
Picketlink is messed up a little. It has the an "ID" attribute, but you
search based on a "name". This is why Keycloak-PL code is modelled a
little strangely. I don't know if they have fixed this in the latest PL
releases.
The "ID" in Picketlink is unique and it's always
autogenerated when you
save new partition. It's just used internally by Picketlink for mapping
in tables etc. Picketlink "name is also unique, but you can specify it.
> I wonder if it's really needed to have both "id" and "name"
in model?
In Keycloak model, yes. It is necessary. If we have a SaaS service
that hosts multiple companies, then the ID will prevent name clashes.
> Picketlink allows to search Partitions by "name" (represented in
> Keycloak as "id"), so I think that it should be good enough to have in
> model just "name" and map it to Picketlink "name".
>
No. See above. "Name" in Keycloak is non-unique. "name" must be
unique in Picketlink partitions. Again, I think this is just a bug on
their part.
Ah, ok. So if we have requirement that name in Keycloak may not be
unique, but just ID must be unique, then it seems that we must map it
like you did. Thanks for the clarification!
Marek