[keycloak-dev] Provider config

Stian Thorgersen stian at redhat.com
Tue Jul 22 09:16:48 EDT 2014


Maybe it'll make sense to have two types of providers? Server-scoped and realm-scoped.

----- Original Message -----
> From: "Stian Thorgersen" <stian at redhat.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 22 July, 2014 2:08:20 PM
> Subject: Re: [keycloak-dev] Provider config
> 
> 
> 
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Tuesday, 22 July, 2014 2:04:56 PM
> > Subject: Re: [keycloak-dev] Provider config
> > 
> > Can you keep the KeycloakSesion/Provider SPIs backward compatible while
> > you do this?
> 
> Do we need to? If we do it'll need some more thinking ;)
> 
> > 
> > On 7/22/2014 5:56 AM, Stian Thorgersen wrote:
> > > We need to add a generic provider config mechanism. It should be possible
> > > to configure providers at two levels:
> > >
> > > * Server - through keycloak-server.json
> > > * Realm  - through RealmProvider
> > >
> > > With regards to server we already have this. It requires editing the
> > > keycloak-server.json and restarting the server. IMO that's fine for now,
> > > and we can consider adding support for doing this at runtime through the
> > > admin console in the future.
> > >
> > > For realm config (which would be needed for ldap) I propose that we add a
> > > ProviderConfigModel to RealmProvider. The ProviderConfigModel consists
> > > of:
> > >
> > > * RealmModel realm
> > > * String spi
> > > * String provider
> > > * Map<String, String> config
> > >
> > > We need to add an admin endpoints to add/update provider configs as well
> > > as
> > > making it possible to edit these through the admin console. We should add
> > > a method to the provider factory:
> > >
> > > * List<ConfigOption> getConfigOptions - this will return the
> > > configuration
> > > options the provider can support
> > >
> > > ConfigOption will include (we could also add support for validation):
> > >
> > > * String key
> > > * String label
> > >
> > > On the admin console I propose we add a Provider config page. The page
> > > will
> > > list out all available SPIs, once you select an SPI it will list out all
> > > available providers. You can then click on individual providers to get a
> > > form to edit the provider config. The form will use the getConfigOptions
> > > to know what labels/input fields to add.
> > >
> > > Further, we need to make some changes to KeycloakSession/ProviderFactory
> > > to
> > > support realm config. We could change
> > > ProviderFactory.create(KeycloakSession session) to
> > > ProviderFactory.create(KeycloakSession session, String realmId,
> > > Config.Scope realmConfig). This allows a provider to either share
> > > resources (i.e. connections) with multiple realms, or if it wants
> > > different connections per-realm it can handle that internally (for
> > > example
> > > in a map using realmId as the key).
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> > 
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list