2:34 p.m.
Hi,
we would like to create a very small PR for the JavaScript Adapter (keycloak.js). This
change would allow one to provide the idpHint via the JSON configuration which could of
course then be dynamically served by a backend. By this everyone could generate a JSON of
the following format:
{
realm: "production",
auth-server-url:
"https://customer-a.example.com/auth"<https://customer-a.example.com/auth>,
bearer-only: false,
resource: "frontend-client",
idp-hint: "customer-a",
}
The consumption of the idp-hint parameter could be done as an one-liner in keycloak.js.
Would it be okay, if we create a PR with the needed change for letting that happen, or are
there other as simple solutions, that we are missing?
Best
Marc Ewert
--
________________________________________________
Marc Ewert | Senior Engineering Manager
Leverton GmbH | Schöneberger Str. 15 | 10963 Berlin | Germany
P +49 30 868 711 059
E marc.ewert@leverton.ai<mailto:marc.ewert@leverton.ai>
https://www.leverton.ai/ | LinkedIn<https://www.linkedin.com/company/leverton>
District Court Berlin-Charlottenburg HRB 140028
Managing Directors: Florian Kuhlmann, Abhinav Somani
3:50 p.m.
I'm not too keen on adding little bits like this to keycloak.json on its
own. Today we have the config split between keycloak.json and init. I'd be
open to allow configuring what you can through init in Keycloak.json, but
would have to be a complete pr with docs and tests.
On Tue, 21 May 2019, 14:37 Marc Ewert, <marc.ewert(a)leverton.ai> wrote:
Hi,
we would like to create a very small PR for the JavaScript Adapter
(keycloak.js). This change would allow one to provide the idpHint via the
JSON configuration which could of course then be dynamically served by a
backend. By this everyone could generate a JSON of the following format:
{
realm: "production",
auth-server-url: "https://customer-a.example.com/auth"<
https://customer-a.example.com/auth>;,
bearer-only: false,
resource: "frontend-client",
idp-hint: "customer-a",
}
The consumption of the idp-hint parameter could be done as an one-liner in
keycloak.js. Would it be okay, if we create a PR with the needed change for
letting that happen, or are there other as simple solutions, that we are
missing?
Best
Marc Ewert
--
________________________________________________
Marc Ewert | Senior Engineering Manager
Leverton GmbH | Schöneberger Str. 15 | 10963 Berlin | Germany
P +49 30 868 711 059
E marc.ewert@leverton.ai<mailto:marc.ewert@leverton.ai>
https://www.leverton.ai/ | LinkedIn<
https://www.linkedin.com/company/leverton>
District Court Berlin-Charlottenburg HRB 140028
Managing Directors: Florian Kuhlmann, Abhinav Somani
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
3:51 p.m.
That would also be a solution, which would allow us to tell the JavaScript Adapter the
idpHint.
One benefit of the "JSON approach" compared to that would be, that there are no
changes in the actual frontend clients needed. This can be achieved by just adding:
kc.idpHint = config['idp-hint'];
to the loadConfig() function in keycloak.js.
In the moment the configuration JSON contains for example the auth-server-url and the
realm. At least for us the idp-hint is related to the auth-server-url, because each
external party gets its own domain. For others I could imagine, that each external party
gets its dedicated realm. In both cases it would be very comfortable, if we could provide
the information just right in the JSON.
Otherwise the frontends has to duplicate the needed code for that decisions.
What do you think?
Best and thanks
Marc Ewert
Am 21.05.19 um 15:50 schrieb Stian Thorgersen:
I'm not too keen on adding little bits like this to keycloak.json on its own. Today we
have the config split between keycloak.json and init. I'd be open to allow configuring
what you can through init in Keycloak.json, but would have to be a complete pr with docs
and tests.
On Tue, 21 May 2019, 14:37 Marc Ewert,
<marc.ewert@leverton.ai<mailto:marc.ewert@leverton.ai>> wrote:
Hi,
we would like to create a very small PR for the JavaScript Adapter (keycloak.js). This
change would allow one to provide the idpHint via the JSON configuration which could of
course then be dynamically served by a backend. By this everyone could generate a JSON of
the following format:
{
realm: "production",
auth-server-url:
"https://customer-a.example.com/auth"<https://customer-a.example.com/auth>,
bearer-only: false,
resource: "frontend-client",
idp-hint: "customer-a",
}
The consumption of the idp-hint parameter could be done as an one-liner in keycloak.js.
Would it be okay, if we create a PR with the needed change for letting that happen, or are
there other as simple solutions, that we are missing?
Best
Marc Ewert
--
________________________________________________
Marc Ewert | Senior Engineering Manager
Leverton GmbH | Schöneberger Str. 15 | 10963 Berlin | Germany
P +49 30 868 711 059
E
marc.ewert@leverton.ai<mailto:marc.ewert@leverton.ai><mailto:marc.ewert@leverton.ai<mailto:marc.ewert@leverton.ai>>
https://www.leverton.ai/ | LinkedIn<https://www.linkedin.com/company/leverton>
District Court Berlin-Charlottenburg HRB 140028
Managing Directors: Florian Kuhlmann, Abhinav Somani
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org<mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
________________________________________________
Marc Ewert | Senior Engineering Manager
Leverton GmbH | Schöneberger Str. 15 | 10963 Berlin | Germany
P +49 30 868 711 059
E marc.ewert@leverton.ai<mailto:marc.ewert@leverton.ai>
https://www.leverton.ai/ | LinkedIn<https://www.linkedin.com/company/leverton>
District Court Berlin-Charlottenburg HRB 140028
Managing Directors: Florian Kuhlmann, Abhinav Somani
2076
days inactive
2079
days old
2 comments
2 participants
participants (2)
-
Marc Ewert -
Stian Thorgersen