[keycloak-dev] Shared mapper configs

Marek Posolda mposolda at redhat.com
Fri Mar 13 12:42:09 EDT 2015


How about the modularization stuff? I believe ProtocolMapper is kind of 
SPI, which will people often implement by themselves. Currently they 
need to declare dependency on keycloak-services module, which has 50 
other dependencies.

It looks to me that it could be divided into 3 separate modules like:
- ProtocolMapper SPI itself
- OIDC mapper implementations
- SAML mapper implementations

and each of them will need to have just some minimal dependencies on 
keycloak-core, keycloak-model-api and few other things.

Marek


On 13.3.2015 16:40, Bill Burke wrote:
> I think it will be just as common that each application has different
> token requirements, so it needs to be easy to add additional mappers as
> well.  For example, each may want the same user attribute claims, but
> each will want a different role scope and maybe want to format the roles
> to match how their application wants them.  This is especially true for
> SAML where how the roles are formatted may be different per app.
>
>
> On 3/13/2015 2:24 AM, Stian Thorgersen wrote:
>> Bill,
>>
>> As I mentioned when you demoed protocol mappers I think we should introduce a protocol mapper type that is configured on a realm level, then one or more applications can use the same configuration. It would be good to do that before releasing 1.2.0.Beta1.
>>
>> I think that having it like is will be an overhead to most folks as they'll want the same token sent to all applications and will have to re-create the same mapping multiple times (and make changes multiple times as well).
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>



More information about the keycloak-dev mailing list