[keycloak-dev] Introduce role attributes

Schuster Sebastian (INST/ESY1) Sebastian.Schuster at bosch-si.com
Wed Jul 25 10:02:16 EDT 2018


We also have the same requirements but would use it mostly for role metadata. This would not be used in a token but for things like after assigning a role to a user sending an email to the person responsible for that role. This is required for compliance reasons. We would strongly prefer to store this data in Keycloak as custom role attributes instead of maintaining it somewhere else...

Best regards,
Sebastian

Dr.-Ing.  Sebastian Schuster

Engineering and Support (INST/ESY1) 
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster at bosch-si.com


-----Original Message-----
From: keycloak-dev-bounces at lists.jboss.org <keycloak-dev-bounces at lists.jboss.org> On Behalf Of Stian Thorgersen
Sent: Monday, 16 July 2018 20:27
To: Sebastian.Loesch at governikus.de
Cc: keycloak-dev <keycloak-dev at lists.jboss.org>
Subject: Re: [keycloak-dev] Introduce role attributes

I don't think we should add attributes to roles. It would introduce complexity and also potentially have performance/memory impacts.

I also struggle to see how you would use attributes associated with roles.
Are you thinking that would be mapped into the token together with the role name?

On Tue, 3 Jul 2018 at 07:37, Lösch, Sebastian < Sebastian.Loesch at governikus.de> wrote:

> Hi developers,
>
> we are currently setting up a project using keycloak and need to model:
> - representative roles, i.e. roles that are given temporarily from one 
> user to another e.g. in holiday times
> - roles contain entitlements on business objects
>
> The current role object in keycloak is not sufficient for our use cases.
> Searching for a solution I stumbled over
> https://issues.jboss.org/browse/KEYCLOAK-961
> Introducing role attributes would solve my challenges. Also this fits 
> well in the keycloak data model, as there are already user attributes, 
> group attributes, realm attributes.
>
> So I would like to add role attributes to keycloak in the style of 
> group attributes.
> What do you think?
>
> Best regards,
> Sebastian
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>