Re: [keycloak-user] Keycloak data stores - Config, User, Realm, Session ...
On 10 January 2017 at 07:31, Santosh Haranath <santosh.haranath(a)gmail.com>
wrote:
We are evaluating to use Keycloak for a multi-tenant access
management
solution deployed across 2 regions. Red Hat OpenShift Container Platform
version 3.3 is the deployment platform.
We have some data model constraints which requires us to use LDAP store.
- What is Keycloak's configuration store? How is configuration
synchronized? Where is SAML meta data, OAuth Client credentials etc.
stored?
Relational DB or Mongo
- I have read concerns about Mongo DB data store due to transaction
requirements and possible removal of support from V3. Which SPI requires
transactions? When is Version 3 due ?
Anything that updates more than one document could result in
inconsistencies in Mongo and our current Mongo implementation is broken
into quite a few documents/collections
3 is couple months away
- Can we split data store responsibilities as below?
SPI -> Data Store Provider
/subsystem=keycloak-server/spi=realm -> Mongo
/subsystem=keycloak-server/spi=user -> LDAP
/subsystem=keycloak-server/spi=userSessionPersister -> Infinispan
/subsystem=keycloak-server/spi=authorizationPersister -> Infinispan
/subsystem=keycloak-server/spi=userFederatedStorage -> LDAP
/subsystem=keycloak-server/spi=eventsStore -> Mongo
Not quite yet as we still require users synced to KC database, but
https://issues.jboss.org/browse/KEYCLOAK-3964 will allow having users
purely in LDAP
Thanks.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user