We are evaluating the use of Keycloak for a multi-tenant access management
solution deployed across 2 regions. Red Hat OpenShift Container Platform
version 3.3 is the deployment platform.
We have some data model constraints which require us to use an LDAP store.
- What is Keycloak's configuration store? How is configuration
synchronized? Where are SAML metadata, OAuth client credentials, etc.
stored?
- I have read concerns about the MongoDB data store due to transaction
requirements and possible removal of support from V3. Which SPI requires
transactions? When is Version 3 due?
- Can we split data store responsibilities as below?
SPI -> Data Store Provider
/subsystem=keycloak-server/spi=realm -> Mongo
/subsystem=keycloak-server/spi=user -> LDAP
/subsystem=keycloak-server/spi=userSessionPersister -> Infinispan
/subsystem=keycloak-server/spi=authorizationPersister -> Infinispan
/subsystem=keycloak-server/spi=userFederatedStorage -> LDAP
/subsystem=keycloak-server/spi=eventsStore -> Mongo
Thanks.