3:52 p.m.
Hi All,
I'd like to propose a feature wherein you can assign the same master client
to manage multiple realms.
Right now we are using composite roles for some api client credentials. The
issue we have is that if we need to assign or remove roles, we need to
update all realm clients. Also, if we add a new realm, we also need update
our composite roles and assign roles needed for the realm client.
So basically, in our case, we just need one client since all the realm
clients will have exactly the same assigned roles.
This will also improve performance if you have large number of realms since
you won't have a scenario wherein one composite role ends up loading all
roles for each realm client.
This can be implemented by having an option to specify the master client
when creating a realm. If a master client is specified, it will be created
or reused if it already exist.
Since this is only an option, the existing behavior will still be there
(create a master client for the realm).
I've created a proof of concept and got it working. It think this should be
feasible.
Let me know what you think. I'll be happy to submit a PR for this. Thanks.
Best regards,
Gideon
1:54 a.m.
Although I appreciate how this could be useful, this is introducing yet
another complexity into a rather messy part of the code base. I'd like to
see the way realms are managed being made simpler, not more complex with
introducing alternatives here.
On Fri, 19 Oct 2018 at 22:58, Gideon Caranzo <gideonray(a)gmail.com> wrote:
Hi All,
I'd like to propose a feature wherein you can assign the same master client
to manage multiple realms.
Right now we are using composite roles for some api client credentials. The
issue we have is that if we need to assign or remove roles, we need to
update all realm clients. Also, if we add a new realm, we also need update
our composite roles and assign roles needed for the realm client.
So basically, in our case, we just need one client since all the realm
clients will have exactly the same assigned roles.
This will also improve performance if you have large number of realms since
you won't have a scenario wherein one composite role ends up loading all
roles for each realm client.
This can be implemented by having an option to specify the master client
when creating a realm. If a master client is specified, it will be created
or reused if it already exist.
Since this is only an option, the existing behavior will still be there
(create a master client for the realm).
I've created a proof of concept and got it working. It think this should be
feasible.
Let me know what you think. I'll be happy to submit a PR for this. Thanks.
Best regards,
Gideon
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2275
days inactive
2278
days old
1 comments
2 participants
participants (2)
-
Gideon Caranzo -
Stian Thorgersen