[keycloak-dev] UserFederationProvider with non-trivial configuration
Bill Burke
bburke at redhat.com
Wed Jan 13 10:45:49 EST 2016
PRs are welcome. Not sure what you mean by enumerated types. I believe
there is a LIST object you can specify values of?
On 1/13/2016 10:41 AM, Josh Cain wrote:
> That PR will be enough for me to get by for now. We've been using
> .pkcs12 files and including chains at times, so not positive that 2048
> is going to be big enough. For now, I think that we'll just plan on
> dropping associated cert files with the SPI libraries. Shouldn't be
> too bad to do that, and maybe in the future we can look at extending
> that SPI to accommodate files?
>
> The only other note I would have is that enumerated types aren't
> supported (I.E. as a dropdown with selectable values). I see where
> that won't be too difficult; I'll get together a PR for selectable
> options. Do you want me to file a FR for supporting file types for
> provider configuration?
>
> In the end it would be really nice to have a fully extensible
> configuration mechanism (in the same ways that LDAP or kerberos are
> configured). For instance, LDAP configurations allow you to run
> validation to make sure your authentication works. I would (ideally)
> like to leverage a similar function for my federation provider. Not
> saying it's an essential, but would certainly add some polish to the
> federation provider SPI.
>
>
> Josh Cain | Software Applications Engineer
> /Identity and Access Management/
> *Red Hat*
> +1 843-737-1735
>
> On Wed, Jan 13, 2016 at 9:28 AM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
> I totally forgot about that PR. Are those PR changes good enough
> for you? Can you live with just that new interface? I can change
> and increase the value for user federation config to 2048 to
> support things like certificate pem files.
>
> On 1/13/2016 10:18 AM, Josh Cain wrote:
>> Bill,
>>
>> Thanks for the quick response.
>>
>> I do think it would be very useful for us if the federation
>> provider configuration were more verbose. I saw where some work
>> was done recently on this (PR-1973
>> <https://github.com/keycloak/keycloak/pull/1973>) to allow for
>> better customization on labels and help texts and such.
>> Extending the REST endpoints for configuration could potentially
>> be useful as well.
>>
>> We're using certificate files for a portion of our configuration,
>> so we'd actually need to store the file objects in the DB, as
>> opposed to just parsing configuration files.
>>
>> Totally understand about feature freeze. Let me know what I can
>> do to help, I'm still getting my feet wet with Keycloak, but
>> don't mind jumping in when necessary.
>>
>>
>> Josh Cain | Software Applications Engineer
>> /Identity and Access Management/
>> *Red Hat*
>> +1 843-737-1735
>>
>> On Wed, Jan 13, 2016 at 8:41 AM, Bill Burke <bburke at redhat.com
>> <mailto:bburke at redhat.com>> wrote:
>>
>> Right now, you're going to have to modify app.js, I can
>> refactor app.js so you don't have to modify it, but, you'll
>> have to wait until next release to get these changes.
>>
>> Unfortunately, the UserFederationProvider only supports
>> name/value pairs for configuration and a max size for Value
>> of 255 characters. I can expand the SPI to allow you to plug
>> in a backend REST service that would allow you to parse the
>> file and add the appropriate config, but at this time, we
>> can't really provide a brand new config model for
>> UserFederation as this is supposed to be feature freeze right
>> now.
>>
>>
>> On 1/12/2016 5:56 PM, Josh Cain wrote:
>>> Hi all,
>>>
>>> I've got a UserFederationProvider that needs 6-8
>>> configuration elements, to include enumerated types and even
>>> a couple of files. I'd like to keep the configuration of
>>> this provider in the Keycloak admin console, but am not sure
>>> how to do so.
>>>
>>> I've read through the themes documentation
>>> <http://keycloak.github.io/docs/userguide/keycloak-server/html/themes.html>,
>>> but I have not been able to find a suitable solution. I
>>> thought of just dropping a new partial in there to handle
>>> more straightforward configuration items like enumerated
>>> types, but couldn't find a way to do so without having to
>>> override the entire app.js. What's more, I was not certain
>>> if Keycloak was already set up to handle something like a
>>> File object in the REST/DB backend.
>>>
>>> I suppose my question boils down to "How can I integrate
>>> enumerated and file type configuration options for my
>>> UserFederationProvider into the Keycloak administration
>>> system?" Any help would be much appreciated - thanks!
>>>
>>> Josh Cain | Software Applications Engineer
>>> /Identity and Access Management/
>>> *Red Hat*
>>> +1 843-737-1735
>>>
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> <mailto:keycloak-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com