[keycloak-dev] Client Storage SPI and KEYCLOAK-6408

Stian Thorgersen sthorger at redhat.com
Wed Jun 12 03:17:52 EDT 2019


Big question is do you want to store clients in LDAP only or multiple
places for a single realm?

On Wed, 12 Jun 2019, 07:26 cedric at couralet.eu, <cedric at couralet.eu> wrote:

> In case it could help , for our limited case, we would like the
> possibility to fetch client configuration from ldap (and secret).
> Historically, we manage application account (and roles)  in ldap. Having
> keycloak able to retrieve those from ldap would be a huge help.
> Personnally, I'd like to use keycloak as an orchestrator (very good at
> that) between different "store", without state.
>
>
> Le Mardi, Juin 11, 2019 12:49 CEST, Stian Thorgersen <sthorger at redhat.com>
> a écrit:
>
> > We are planning a bigger rework of the storage layer in the future as
> part
> > of Keycloak .Next.
> >
> > With that in mind you should rather follow the discussion around that as
> it
> > unfolds over the next few months.
> >
> > For the current implementation we can be open to smaller stuff, but not
> big
> > overhauls.
> >
> > Finishing the client storage API may be useful, but to be honest not many
> > people have been interested here. I'd rather see a simpler client store
> > where it's easier to replace with a custom store. I don't think there's
> > need to federate multiple client stores for a single realm.
> >
> > For LDAP I'm not sure what you mean about separate core and user stuff.
> It
> > is only a user store, at least now. Are you perhaps thinking about
> storing
> > clients in LDAP?
> >
> > On Sat, 8 Jun 2019 at 08:46, Justin Gross <jgross.biz at gmail.com> wrote:
> >
> > > Good afternoon, good evening and good morning everyone! I am Justin and
> > > I’d like to start contributing to Keycloak.
> > >
> > > Is there anyone on the list that is interested in the continuing
> > > development of Client Storage SPI? (KEYCLOAK-6408 in JIRA)
> > >
> > > If you answered yes to the above, what storage systems/software are you
> > > interested in using for client storage?
> > >
> > > Preparing to take on some of the things listed in KEYCLOAK-6408.
> > >
> > > I am in the middle of a lite refactoring of some useful things which
> are
> > > currently specific to user storage federation such as
> > > SynchronizationResult, ImportSynchronization, etc… so they can be used
> by
> > > the yet to be finished Client Storage API.
> > >
> > > I also plan to refactor some of the LDAP federation stuff so that the
> user
> > > specific stuff is separate from the core LDAP functionality itself.
> > > Eventually I want to use LDAP to store client configuration and
> there’s a
> > > lot of useful LDAP functionality stashed away in the user federation
> stuff.
> > >
> > >
> > > Thank you,
> > >
> > > Justin Gross
> > >
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>


More information about the keycloak-dev mailing list