3:59 p.m.
Hi,
I want to perform some customization to Keycloak using existing SPIs.
For that, I need to store a configuration parameter (may be different value per realm).
What is the way to achieve that? Is there an SPI to extend the realm properties?
The only solution I can think of now is setting a custom attribute in the users group of
the realm.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10]
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
3:44 a.m.
Hi,
Any answer on that??
Thanks,
Ori .
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Ori Doolman
Sent: Tuesday, January 16, 2018 00:00
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] adding realm level configuration parameter
Hi,
I want to perform some customization to Keycloak using existing SPIs.
For that, I need to store a configuration parameter (may be different value per realm).
What is the way to achieve that? Is there an SPI to extend the realm properties?
The only solution I can think of now is setting a custom attribute in the users group of
the realm.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10]
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
5:03 a.m.
Hi Ori,
In Keycloak, realms do have their own attributes. Starting with 2.2.0,
they are exposed as
org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I
suggest that you take a look at them. Seems like exactly what you need
- just make sure your attribute names do not clash with internal ones
(examine realm_attribute table contents for that). It will be pretty
safe to prefix your attribute names with something unique, like
"com.amdocs.*"
If you need truly *global* persistent configuration (i.e. not bound to
any realm), unfortunately there's no such functionality in KC at the
moment, but I'm implementing the same for my company's needs. Let me
know if you're interested.
Cheers,
Dmitry
Hi,
Any answer on that??
Thanks,
Ori .
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org
[mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Ori Doolman
Sent: Tuesday, January 16, 2018 00:00
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] adding realm level configuration parameter
Hi,
I want to perform some customization to Keycloak using existing SPIs.
For that, I need to store a configuration parameter (may be different value per realm).
What is the way to achieve that? Is there an SPI to extend the realm properties?
The only solution I can think of now is setting a custom attribute in the users group of
the realm.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10]
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:06 a.m.
Hi Dmitry,
Thank you very much for your answer.
1) I assume that ‘realm_attribute’ table has no control from the Web UI admin
console. Does it?
2) How did you implement the global configurqation?
Thanks,
Ori
From: Dmitry Telegin [mailto:mitya@cargosoft.ru]
Sent: Monday, January 22, 2018 13:03
To: Ori Doolman <Ori.Doolman(a)Amdocs.com>; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] adding realm level configuration parameter
Hi Ori,
In Keycloak, realms do have their own attributes. Starting with 2.2.0, they are exposed as
org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I suggest that you take
a look at them. Seems like exactly what you need - just make sure your attribute names do
not clash with internal ones (examine realm_attribute table contents for that). It will be
pretty safe to prefix your attribute names with something unique, like
"com.amdocs.*"
If you need truly *global* persistent configuration (i.e. not bound to any realm),
unfortunately there's no such functionality in KC at the moment, but I'm
implementing the same for my company's needs. Let me know if you're interested.
Cheers,
Dmitry
Hi,
Any answer on that??
Thanks,
Ori .
-----Original Message-----
From:
keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lists.jboss.org>
[mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Ori Doolman
Sent: Tuesday, January 16, 2018 00:00
To: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
Subject: [keycloak-user] adding realm level configuration parameter
Hi,
I want to perform some customization to Keycloak using existing SPIs.
For that, I need to store a configuration parameter (may be different value per realm).
What is the way to achieve that? Is there an SPI to extend the realm properties?
The only solution I can think of now is setting a custom attribute in the users group of
the realm.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10<mailto:image001.png@01D2C8DE.BFF33E10>]
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
7:29 a.m.
Hi,
for anyone interested, we have possibility to add:
- custom REST endpoints if you need control your own realm attributes
- custom DB entities if you want custom entities, which are possibly not
tightly coupled to any realm (EG. global entities).
- custom SPI / providers. You may configure global settings in
standalone(-ha).xml at subsystem level with that.
There is an example for all those functionalities. In the "providers"
directory of keycloak-examples distribution, there is "domain-extension"
. Some docs is in "Server development guide".
Marek
On 22/01/18 13:06, Ori Doolman wrote:
Hi Dmitry,
Thank you very much for your answer.
1) I assume that ‘realm_attribute’ table has no control from the Web UI admin
console. Does it?
2) How did you implement the global configurqation?
Thanks,
Ori
From: Dmitry Telegin [mailto:mitya@cargosoft.ru]
Sent: Monday, January 22, 2018 13:03
To: Ori Doolman <Ori.Doolman(a)Amdocs.com>; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] adding realm level configuration parameter
Hi Ori,
In Keycloak, realms do have their own attributes. Starting with 2.2.0, they are exposed
as org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I suggest that you
take a look at them. Seems like exactly what you need - just make sure your attribute
names do not clash with internal ones (examine realm_attribute table contents for that).
It will be pretty safe to prefix your attribute names with something unique, like
"com.amdocs.*"
If you need truly *global* persistent configuration (i.e. not bound to any realm),
unfortunately there's no such functionality in KC at the moment, but I'm
implementing the same for my company's needs. Let me know if you're interested.
Cheers,
Dmitry
Hi,
Any answer on that??
Thanks,
Ori .
-----Original Message-----
From:
keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lists.jboss.org>
[mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Ori Doolman
Sent: Tuesday, January 16, 2018 00:00
To: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
Subject: [keycloak-user] adding realm level configuration parameter
Hi,
I want to perform some customization to Keycloak using existing SPIs.
For that, I need to store a configuration parameter (may be different value per realm).
What is the way to achieve that? Is there an SPI to extend the realm properties?
The only solution I can think of now is setting a custom attribute in the users group of
the realm.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10<mailto:image001.png@01D2C8DE.BFF33E10>]
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
This message and the information contained herein is proprietary and confidential and
subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:42 p.m.
Hi Marek,
Hi,
for anyone interested, we have possibility to add:
- custom REST endpoints if you need control your own realm attributes
- custom DB entities if you want custom entities, which are possibly
not
tightly coupled to any realm (EG. global entities).
- custom SPI / providers. You may configure global settings in
standalone(-ha).xml at subsystem level with that.
Some time ago I've proposed a solution for global writable (persistent)
config, based on Apache Commons Configuration: http://lists.jboss.org/p
ipermail/keycloak-dev/2017-December/010261.html
The message seemingly went unnoticed; could you please share your
thoughts on that? This will be opensourced, but will also benefit a lot
from inclusion into upstream Keycloak (if it's decided it's worth
that).
There is an example for all those functionalities. In the
"providers"
directory of keycloak-examples distribution, there is "domain-
extension"
. Some docs is in "Server development guide".
Unfortunately, the "domain-extension" example is borked and is not
going to be fixed anytime soon https://issues.jboss.org/browse/KEYCLOAK
-5927
I'd rather recommend (not surprisingly ;) my own BeerCloak example,
which is 100% working and maintained https://github.com/dteleguin/beerc
loak
In fact, I see it not as a mere example, but a kind of unofficial
blueprint for real-world Keycloak extensions. Can we publicize it
somehow? Guys who stumble upon it find it very useful, but the only way
to "stumble upon it" is browsing this very mailing list :)
Cheers,Dmitry
Marek
On 22/01/18 13:06, Ori Doolman wrote:
> Hi Dmitry,
> Thank you very much for your answer.
>
>
> 1) I assume that ‘realm_attribute’ table has no control from
> the Web UI admin console. Does it?
>
> 2) How did you implement the global configurqation?
>
>
> Thanks,
>
> Ori
>
> From: Dmitry Telegin [mailto:mitya@cargosoft.ru]
> Sent: Monday, January 22, 2018 13:03
> To: Ori Doolman <Ori.Doolman(a)Amdocs.com>; keycloak-user(a)lists.jboss
> .org
> Subject: Re: [keycloak-user] adding realm level configuration
> parameter
>
> Hi Ori,
>
> In Keycloak, realms do have their own attributes. Starting with
> 2.2.0, they are exposed as
> org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I
> suggest that you take a look at them. Seems like exactly what you
> need - just make sure your attribute names do not clash with
> internal ones (examine realm_attribute table contents for that). It
> will be pretty safe to prefix your attribute names with something
> unique, like "com.amdocs.*"
>
> If you need truly *global* persistent configuration (i.e. not bound
> to any realm), unfortunately there's no such functionality in KC at
> the moment, but I'm implementing the same for my company's needs.
> Let me know if you're interested.
>
> Cheers,
> Dmitry
>
>
> Hi,
>
>
>
> Any answer on that??
>
>
>
>
>
>
>
> Thanks,
>
>
>
> Ori .
>
>
>
>
>
> -----Original Message-----
>
> From: keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bo
> unces(a)lists.jboss.org> [mailto:keycloak-user-bounces@lists.jboss.or
> g] On Behalf Of Ori Doolman
>
> Sent: Tuesday, January 16, 2018 00:00
>
> To: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.
> org>
>
> Subject: [keycloak-user] adding realm level configuration parameter
>
>
>
> Hi,
>
> I want to perform some customization to Keycloak using existing
> SPIs.
>
> For that, I need to store a configuration parameter (may be
> different value per realm).
>
> What is the way to achieve that? Is there an SPI to extend the
> realm properties?
>
> The only solution I can think of now is setting a custom attribute
> in the users group of the realm.
>
>
>
>
>
> Thanks,
>
>
>
> Ori Doolman
>
> Lead Software Architect
>
> Amdocs Optima
>
>
>
> +972 9 778 6914 (office)
>
> +972 50 9111442 (mobile)
>
>
>
> [cid:image001.png@01D2C8DE.BFF33E10<mailto:image001.png@01D2C8DE.BF
> F33E10>]
>
>
>
> This message and the information contained herein is proprietary
> and confidential and subject to the Amdocs policy statement,
>
>
>
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
>
> This message and the information contained herein is proprietary
> and confidential and subject to the Amdocs policy statement,
>
>
>
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
>
>
>
>
>
> _______________________________________________
>
> keycloak-user mailing list
>
> keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> This message and the information contained herein is proprietary
> and confidential and subject to the Amdocs policy statement,
>
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2:22 a.m.
Hi Dmitry,
It's interesting idea. But I think we're going to develop any more
advanced global writable configuration just if it's needed for some
built-in Keycloak features. And that's not the case now at this moment
AFAIK. Maybe in the future...
On 22/01/18 21:42, Dmitry Telegin wrote:
Hi Marek,
> Hi,
>
> for anyone interested, we have possibility to add:
> - custom REST endpoints if you need control your own realm attributes
> - custom DB entities if you want custom entities, which are possibly not
> tightly coupled to any realm (EG. global entities).
> - custom SPI / providers. You may configure global settings in
> standalone(-ha).xml at subsystem level with that.
Some time ago I've proposed a solution for global writable
(persistent) config, based on Apache Commons Configuration:
http://lists.jboss.org/pipermail/keycloak-dev/2017-December/010261.html
The message seemingly went unnoticed; could you please share your
thoughts on that? This will be opensourced, but will also benefit a
lot from inclusion into upstream Keycloak (if it's decided it's worth
that).
I am not sure exactly about all the requirements you have for the
use-case. I would (maybe) try one of the following:
- Use the global configuration at keycloak subsystem in standalone.xml
(EG. you can see "scheduled-task-interval" or the configuration under
"theme" element). You mentioned it's not sufficient for you, but for us
it's ok ATM.
- You can use some custom Component configured at "master" realm level
as a way for global storage
- You can use infinispan cache as a storage. This supports some things
you mentioned like: events+notifications, persistent Cache stores (to
backup data to JDBC or File if needed) etc. It's editable (if you do
custom REST endpoint to CRUD the data) etc.
> There is an example for all those functionalities. In the "providers"
> directory of keycloak-examples distribution, there is "domain-extension"
> . Some docs is in "Server development guide".
Unfortunately, the "domain-extension" example is borked and is not
going to be fixed anytime soon
https://issues.jboss.org/browse/KEYCLOAK-5927
You reported the bug and you know
where the issue is. Cool. Maybe you
could also send PR to fix it? :)
I'd rather recommend (not surprisingly ;) my own BeerCloak example,
which is 100% working and maintained
https://github.com/dteleguin/beercloak
In fact, I see it not as a mere example, but a kind of unofficial
blueprint for real-world Keycloak extensions. Can we publicize it
somehow? Guys who stumble upon it find it very useful, but the only
way to "stumble upon it" is browsing this very mailing list :)
Yes, we
can maybe have some page like "community maintained
contributions" or something like that. The issue is, that those
examples/extensions can become outdated when the maintainer from the
community loses interest. There are both advantages and disadvantages of it.
Marek
Cheers,
Dmitry
> Marek
>
> On 22/01/18 13:06, Ori Doolman wrote:
>> Hi Dmitry, Thank you very much for your answer. 1) I assume that
>> ‘realm_attribute’ table has no control from the Web UI admin
>> console. Does it? 2) How did you implement the global
>> configurqation? Thanks, Ori From: Dmitry Telegin
>> [mailto:mitya@cargosoft.ru] Sent: Monday, January 22, 2018 13:03 To:
>> Ori Doolman <Ori.Doolman(a)Amdocs.com
>> <mailto:Ori.Doolman@Amdocs.com>>; keycloak-user(a)lists.jboss.org
>> <mailto:keycloak-user@lists.jboss.org> Subject: Re: [keycloak-user]
>> adding realm level configuration parameter Hi Ori, In Keycloak,
>> realms do have their own attributes. Starting with 2.2.0, they are
>> exposed as org.keycloak.models.RealmModel::{get,set}Attribute*()
>> methods, so I suggest that you take a look at them. Seems like
>> exactly what you need - just make sure your attribute names do not
>> clash with internal ones (examine realm_attribute table contents for
>> that). It will be pretty safe to prefix your attribute names with
>> something unique, like "com.amdocs.*" If you need truly *global*
>> persistent configuration (i.e. not bound to any realm),
>> unfortunately there's no such functionality in KC at the moment, but
>> I'm implementing the same for my company's needs. Let me know if
>> you're interested. Cheers, Dmitry Hi, Any answer on that?? Thanks,
>> Ori . -----Original Message----- From:
>> keycloak-user-bounces(a)lists.jboss.org
>>
<mailto:keycloak-user-bounces@lists.jboss.org><mailto:keycloak-user-bounces@lists.jboss.org>
>> [mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Ori
>> Doolman Sent: Tuesday, January 16, 2018 00:00 To:
>> keycloak-user(a)lists.jboss.org
>>
<mailto:keycloak-user@lists.jboss.org><mailto:keycloak-user@lists.jboss.org>
>> Subject: [keycloak-user] adding realm level configuration parameter
>> Hi, I want to perform some customization to Keycloak using existing
>> SPIs. For that, I need to store a configuration parameter (may be
>> different value per realm). What is the way to achieve that? Is
>> there an SPI to extend the realm properties? The only solution I can
>> think of now is setting a custom attribute in the users group of the
>> realm. Thanks, Ori Doolman Lead Software Architect Amdocs Optima
>> +972 9 778 6914 (office) +972 50 9111442 (mobile)
>> [cid:image001.png@01D2C8DE.BFF33E10
>>
<mailto:image001.png@01D2C8DE.BFF33E10><mailto:image001.png@01D2C8DE.BFF33E10>]
>> This message and the information contained herein is proprietary and
>> confidential and subject to the Amdocs policy statement, you may
>> review at https://www.amdocs.com/about/email-disclaimer
>> <https://www.amdocs.com/about/email-disclaimer> This message and the
>> information contained herein is proprietary and confidential and
>> subject to the Amdocs policy statement, you may review at
>> https://www.amdocs.com/about/email-disclaimer
>> <https://www.amdocs.com/about/email-disclaimer>
>> _______________________________________________ keycloak-user
>> mailing list keycloak-user(a)lists.jboss.org
>>
<mailto:keycloak-user@lists.jboss.org><mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user This message
>> and the information contained herein is proprietary and confidential
>> and subject to the Amdocs policy statement, you may review at
>> https://www.amdocs.com/about/email-disclaimer
>> <https://www.amdocs.com/about/email-disclaimer>
>> _______________________________________________ keycloak-user
>> mailing list keycloak-user(a)lists.jboss.org
>> <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
7:40 p.m.
Hi Marek, sorry for not replying earlier,
> > There is an example for all those functionalities. In the
> > "providers"
> > directory of keycloak-examples distribution, there is "domain-
> > extension"
> > . Some docs is in "Server development guide".
>
> Unfortunately, the "domain-extension" example is borked and is not
> going to be fixed anytime soon
> https://issues.jboss.org/browse/KEYCLOAK-5927
You reported the bug and you know where the issue is. Cool. Maybe
you could also send PR to fix it? :)
Yep I was thinking about that. I could implement the same approach I'm
using in BeerCloak, but only if I were sure I'm not doing it in an
obsolete/deprecated way. I've heard that authorization for REST admin
resources has been revamped recently; could you please take a look at
BeerCloak just to make sure I'm doing it the right way?
Thanks,
Dmitry
8:15 a.m.
Dne 9.2.2018 v 02:40 Dmitry Telegin napsal(a):
Hi Marek, sorry for not replying earlier,
>>> There is an example for all those functionalities. In the
"providers"
>>> directory of keycloak-examples distribution, there is
>>> "domain-extension"
>>> . Some docs is in "Server development guide".
>>
>> Unfortunately, the "domain-extension" example is borked and is not
>> going to be fixed anytime soon
>> https://issues.jboss.org/browse/KEYCLOAK-5927
> You reported the bug and you know where the issue is. Cool. Maybe
> you could also send PR to fix it? :)
Yep I was thinking about that. I could implement the same approach I'm
using in BeerCloak, but only if I were sure I'm not doing it in an
obsolete/deprecated way. I've heard that authorization for REST admin
resources has been revamped recently; could you please take a look at
BeerCloak just to make sure I'm doing it the right way?
There is support for
fine-grain authorization of admin REST endpoints,
but it's not enabled by default, so it should be backwards compatible.
If BeerCloak still works with latest Keycloak, then you should be fine.
Marek
Thanks,
Dmitry
2:20 p.m.
Hi Ori,
Hi Dmitry,
Thank you very much for your answer.
1)
I assume that ‘realm_attribute’ table has no control from the Web UI
admin console. Does it?
Upon introduction of realm attributes, we were discussing such an
option, see comments here: https://github.com/keycloak/keycloak/pull/31
53That time we didn't come up with any conclusion if the GUI were
indeed necessary; another consideration was the introduction of
components, which I thought would have replaced realm attributes one
day. However I think the component system has a bit different scope;
this also might be of some interest for you, take a look at
org.keycloak.component package in the keycloak-server-spi module.
2)
How did you implement the global configurqation?
I've roughly outlined it in my posting to keycloak-dev: http://lists.jb
oss.org/pipermail/keycloak-dev/2017-December/010261.htmlIn a few words,
there will be a ConfigurationProvider to configure and expose
Configuration instance to providers. This will be implemented with
Apache Commons Configuration, backed by a database table and proxied
with Infinispan to provide clustering support. BTW this component will
be opensourced (tentatively, by mid-February).
Cheers,Dmitry
Thanks,
Ori
From: Dmitry Telegin [mailto:mitya@cargosoft.ru]
Sent: Monday, January 22, 2018 13:03
To: Ori Doolman <Ori.Doolman(a)Amdocs.com>; keycloak-user(a)lists.jboss.o
rg
Subject: Re: [keycloak-user] adding realm level configuration
parameter
Hi Ori,
In Keycloak, realms do have their own attributes. Starting with
2.2.0, they are exposed as
org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I
suggest that you take a look at them. Seems like exactly what you
need - just
make sure your attribute names do not clash with internal ones
(examine realm_attribute table contents for that). It will be pretty
safe to prefix your attribute names with something unique, like
"com.amdocs.*"
If you need truly *global* persistent configuration (i.e. not bound
to any realm), unfortunately there's no such functionality in KC at
the moment, but I'm implementing the same for my company's needs. Let
me know if you're interested.
Cheers,
Dmitry
Hi,
Any answer on that??
Thanks,
Ori .
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bou
nces(a)lists.jboss.org] On Behalf Of Ori Doolman
Sent: Tuesday, January 16, 2018 00:00
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] adding realm level configuration parameter
Hi,
I want to perform some customization to Keycloak using existing SPIs.
For that, I need to store a configuration parameter (may be different
value per realm).
What is the way to achieve that? Is there an SPI to extend the realm
properties?
The only solution I can think of now is setting a custom attribute in
the users group of the realm.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10]
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
<https://www.amdocs.com/about/email-disclaimer>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
This message and the information contained herein is proprietary and
confidential and subject to the Amdocs policy statement,
you may review at https://www.amdocs.com/about/email-disclaimer
2512
days inactive
2537
days old
9 comments
3 participants
participants (3)
-
Dmitry Telegin -
Marek Posolda -
Ori Doolman