[keycloak-dev] Provider config

Stian Thorgersen stian at redhat.com
Tue Jul 22 09:08:20 EDT 2014



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 22 July, 2014 2:04:56 PM
> Subject: Re: [keycloak-dev] Provider config
> 
> Can you keep the KeycloakSesion/Provider SPIs backward compatible while
> you do this?

Do we need to? If we do it'll need some more thinking ;)

> 
> On 7/22/2014 5:56 AM, Stian Thorgersen wrote:
> > We need to add a generic provider config mechanism. It should be possible
> > to configure providers at two levels:
> >
> > * Server - through keycloak-server.json
> > * Realm  - through RealmProvider
> >
> > With regards to server we already have this. It requires editing the
> > keycloak-server.json and restarting the server. IMO that's fine for now,
> > and we can consider adding support for doing this at runtime through the
> > admin console in the future.
> >
> > For realm config (which would be needed for ldap) I propose that we add a
> > ProviderConfigModel to RealmProvider. The ProviderConfigModel consists of:
> >
> > * RealmModel realm
> > * String spi
> > * String provider
> > * Map<String, String> config
> >
> > We need to add an admin endpoints to add/update provider configs as well as
> > making it possible to edit these through the admin console. We should add
> > a method to the provider factory:
> >
> > * List<ConfigOption> getConfigOptions - this will return the configuration
> > options the provider can support
> >
> > ConfigOption will include (we could also add support for validation):
> >
> > * String key
> > * String label
> >
> > On the admin console I propose we add a Provider config page. The page will
> > list out all available SPIs, once you select an SPI it will list out all
> > available providers. You can then click on individual providers to get a
> > form to edit the provider config. The form will use the getConfigOptions
> > to know what labels/input fields to add.
> >
> > Further, we need to make some changes to KeycloakSession/ProviderFactory to
> > support realm config. We could change
> > ProviderFactory.create(KeycloakSession session) to
> > ProviderFactory.create(KeycloakSession session, String realmId,
> > Config.Scope realmConfig). This allows a provider to either share
> > resources (i.e. connections) with multiple realms, or if it wants
> > different connections per-realm it can handle that internally (for example
> > in a map using realmId as the key).
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list