[keycloak-dev] Are both "id" and "name" needed on RealmModel?
Marek Posolda
mposolda at redhat.com
Mon Sep 9 04:16:55 EDT 2013
On 7.9.2013 00:06, Bill Burke wrote:
>
> On 9/6/2013 5:59 PM, Marek Posolda wrote:
>> Actually in RealmModel there are methods:
>>
>> String getId();
>> String getName();
>> void setName(String name);
>>
>>
>> and in KeycloakSession there are methods:
>>
>> RealmModel createRealm(String name);
> This will autoomatically generate an ID.
>
>> RealmModel createRealm(String id, String name);
> Allows you to provide an ID and name when creating a realm. Great for
> setting up our demo example application!
>
>> RealmModel getRealm(String id);
>>
>>
>> There is also quite strange mapping as model attribute "id" is mapped in
>> Picketlink partition as "name" and model attribute "name" is mapped in
>> Picketlink as "realmName" (I used something similar for my MongoDB
>> prototype as well).
>>
> Picketlink is messed up a little. It has the an "ID" attribute, but you
> search based on a "name". This is why Keycloak-PL code is modelled a
> little strangely. I don't know if they have fixed this in the latest PL
> releases.
The "ID" in Picketlink is unique and it's always autogenerated when you
save new partition. It's just used internally by Picketlink for mapping
in tables etc. Picketlink "name is also unique, but you can specify it.
>
>> I wonder if it's really needed to have both "id" and "name" in model?
> In Keycloak model, yes. It is necessary. If we have a SaaS service
> that hosts multiple companies, then the ID will prevent name clashes.
>
>> Picketlink allows to search Partitions by "name" (represented in
>> Keycloak as "id"), so I think that it should be good enough to have in
>> model just "name" and map it to Picketlink "name".
>>
> No. See above. "Name" in Keycloak is non-unique. "name" must be
> unique in Picketlink partitions. Again, I think this is just a bug on
> their part.
Ah, ok. So if we have requirement that name in Keycloak may not be
unique, but just ID must be unique, then it seems that we must map it
like you did. Thanks for the clarification!
Marek
>
>
>
>
More information about the keycloak-dev
mailing list