[keycloak-dev] Provider config
Stian Thorgersen
stian at redhat.com
Tue Jul 22 05:56:49 EDT 2014
We need to add a generic provider config mechanism. It should be possible to configure providers at two levels:
* Server - through keycloak-server.json
* Realm - through RealmProvider
With regards to server we already have this. It requires editing the keycloak-server.json and restarting the server. IMO that's fine for now, and we can consider adding support for doing this at runtime through the admin console in the future.
For realm config (which would be needed for ldap) I propose that we add a ProviderConfigModel to RealmProvider. The ProviderConfigModel consists of:
* RealmModel realm
* String spi
* String provider
* Map<String, String> config
We need to add an admin endpoints to add/update provider configs as well as making it possible to edit these through the admin console. We should add a method to the provider factory:
* List<ConfigOption> getConfigOptions - this will return the configuration options the provider can support
ConfigOption will include (we could also add support for validation):
* String key
* String label
On the admin console I propose we add a Provider config page. The page will list out all available SPIs, once you select an SPI it will list out all available providers. You can then click on individual providers to get a form to edit the provider config. The form will use the getConfigOptions to know what labels/input fields to add.
Further, we need to make some changes to KeycloakSession/ProviderFactory to support realm config. We could change ProviderFactory.create(KeycloakSession session) to ProviderFactory.create(KeycloakSession session, String realmId, Config.Scope realmConfig). This allows a provider to either share resources (i.e. connections) with multiple realms, or if it wants different connections per-realm it can handle that internally (for example in a map using realmId as the key).
More information about the keycloak-dev
mailing list