[keycloak-dev] Are both "id" and "name" needed on RealmModel?
Bill Burke
bburke at redhat.com
Fri Sep 6 18:06:11 EDT 2013
On 9/6/2013 5:59 PM, Marek Posolda wrote:
> Actually in RealmModel there are methods:
>
> String getId();
> String getName();
> void setName(String name);
>
>
> and in KeycloakSession there are methods:
>
> RealmModel createRealm(String name);
This will autoomatically generate an ID.
> RealmModel createRealm(String id, String name);
Allows you to provide an ID and name when creating a realm. Great for
setting up our demo example application!
> RealmModel getRealm(String id);
>
>
> There is also quite strange mapping as model attribute "id" is mapped in
> Picketlink partition as "name" and model attribute "name" is mapped in
> Picketlink as "realmName" (I used something similar for my MongoDB
> prototype as well).
>
Picketlink is messed up a little. It has the an "ID" attribute, but you
search based on a "name". This is why Keycloak-PL code is modelled a
little strangely. I don't know if they have fixed this in the latest PL
releases.
> I wonder if it's really needed to have both "id" and "name" in model?
In Keycloak model, yes. It is necessary. If we have a SaaS service
that hosts multiple companies, then the ID will prevent name clashes.
> Picketlink allows to search Partitions by "name" (represented in
> Keycloak as "id"), so I think that it should be good enough to have in
> model just "name" and map it to Picketlink "name".
>
No. See above. "Name" in Keycloak is non-unique. "name" must be
unique in Picketlink partitions. Again, I think this is just a bug on
their part.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list