11:59 p.m.
Actually in RealmModel there are methods:
String getId();
String getName();
void setName(String name);
and in KeycloakSession there are methods:
RealmModel createRealm(String name);
RealmModel createRealm(String id, String name);
RealmModel getRealm(String id);
There is also quite strange mapping as model attribute "id" is mapped in
Picketlink partition as "name" and model attribute "name" is mapped in
Picketlink as "realmName" (I used something similar for my MongoDB
prototype as well).
I wonder if it's really needed to have both "id" and "name" in
model?
Picketlink allows to search Partitions by "name" (represented in
Keycloak as "id"), so I think that it should be good enough to have in
model just "name" and map it to Picketlink "name".
So I would propose to remove "id" from model and have RealmModel like:
String getName();
void setName(String name);
and KeycloakSession like:
RealmModel createRealm(String name);
RealmModel getRealm(String name);
and map "name" to Picketlink "name", which will also allow searching
by it.
BTW. It seems that almost all places in Keycloak (despite few unit
tests) are always using same value for "id" and "name". For example:
RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM,
RealmModel.DEFAULT_REALM);
So I don't know why to have this duplicity.
Marek
12:06 a.m.
On 9/6/2013 5:59 PM, Marek Posolda wrote:
Actually in RealmModel there are methods:
String getId();
String getName();
void setName(String name);
and in KeycloakSession there are methods:
RealmModel createRealm(String name);
This will autoomatically generate an ID.
RealmModel createRealm(String id, String name);
Allows you to provide an ID and name when creating a realm. Great for
setting up our demo example application!
RealmModel getRealm(String id);
There is also quite strange mapping as model attribute "id" is mapped in
Picketlink partition as "name" and model attribute "name" is mapped
in
Picketlink as "realmName" (I used something similar for my MongoDB
prototype as well).
Picketlink is messed up a little. It has the an "ID" attribute, but you
search based on a "name". This is why Keycloak-PL code is modelled a
little strangely. I don't know if they have fixed this in the latest PL
releases.
I wonder if it's really needed to have both "id" and
"name" in model?
In Keycloak model, yes. It is necessary. If we have a SaaS service
that hosts multiple companies, then the ID will prevent name clashes.
Picketlink allows to search Partitions by "name"
(represented in
Keycloak as "id"), so I think that it should be good enough to have in
model just "name" and map it to Picketlink "name".
No. See above. "Name" in Keycloak is non-unique. "name" must be
unique in Picketlink partitions. Again, I think this is just a bug on
their part.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10:16 a.m.
On 7.9.2013 00:06, Bill Burke wrote:
On 9/6/2013 5:59 PM, Marek Posolda wrote:
> Actually in RealmModel there are methods:
>
> String getId();
> String getName();
> void setName(String name);
>
>
> and in KeycloakSession there are methods:
>
> RealmModel createRealm(String name);
This will autoomatically generate an ID.
> RealmModel createRealm(String id, String name);
Allows you to provide an ID and name when creating a realm. Great for
setting up our demo example application!
> RealmModel getRealm(String id);
>
>
> There is also quite strange mapping as model attribute "id" is mapped in
> Picketlink partition as "name" and model attribute "name" is
mapped in
> Picketlink as "realmName" (I used something similar for my MongoDB
> prototype as well).
>
Picketlink is messed up a little. It has the an "ID" attribute, but you
search based on a "name". This is why Keycloak-PL code is modelled a
little strangely. I don't know if they have fixed this in the latest PL
releases.
The "ID" in Picketlink is unique and it's always
autogenerated when you
save new partition. It's just used internally by Picketlink for mapping
in tables etc. Picketlink "name is also unique, but you can specify it.
> I wonder if it's really needed to have both "id" and "name"
in model?
In Keycloak model, yes. It is necessary. If we have a SaaS service
that hosts multiple companies, then the ID will prevent name clashes.
> Picketlink allows to search Partitions by "name" (represented in
> Keycloak as "id"), so I think that it should be good enough to have in
> model just "name" and map it to Picketlink "name".
>
No. See above. "Name" in Keycloak is non-unique. "name" must be
unique in Picketlink partitions. Again, I think this is just a bug on
their part.
Ah, ok. So if we have requirement that name in Keycloak may not be
unique, but just ID must be unique, then it seems that we must map it
like you did. Thanks for the clarification!
Marek
3882
days inactive
3885
days old
2 comments
2 participants
participants (2)
-
Bill Burke -
Marek Posolda