[keycloak-dev] usersession-based UserModels

[Bill Burke]

I'm thinking more and more we need UserSession based UserModels.  This 
would be the case where nothing is imported for a user with either 
brokering or federation, but rather stored in memory for the duration of 
the UserSession.

If user metadata (role mappings, etc.) is all obtained from external 
sources, there really is no need to import the data and import is just a 
huge performance hit.

I ran into this with "transient" nameid format and SAML brokering.  In 
this scenario the parent IDP generates a new userid each and every 
login.  This is to define an anonymous user.  So, every time a user logs 
in would create a brand new user in the keycloak database.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com