[keycloak-dev] Client Storage SPI and KEYCLOAK-6408
cedric@couralet.eu
cedric at couralet.eu
Wed Jun 12 08:09:29 EDT 2019
Not sure I understand your question, I imagine a functionality like for the users ("user federation"), sort of client federation which could use ldap (or other thing). So, it could be multiple places with a "sync registration" feature or not. I realize it is a great deal of change of course.
Le Mercredi, Juin 12, 2019 09:17 CEST, Stian Thorgersen <sthorger at redhat.com> a écrit:
> Big question is do you want to store clients in LDAP only or multiple
> places for a single realm?
>
> On Wed, 12 Jun 2019, 07:26 cedric at couralet.eu, <cedric at couralet.eu> wrote:
>
> > In case it could help , for our limited case, we would like the
> > possibility to fetch client configuration from ldap (and secret).
> > Historically, we manage application account (and roles) in ldap. Having
> > keycloak able to retrieve those from ldap would be a huge help.
> > Personnally, I'd like to use keycloak as an orchestrator (very good at
> > that) between different "store", without state.
> >
> >
> > Le Mardi, Juin 11, 2019 12:49 CEST, Stian Thorgersen <sthorger at redhat.com>
> > a écrit:
> >
> > > We are planning a bigger rework of the storage layer in the future as
> > part
> > > of Keycloak .Next.
> > >
> > > With that in mind you should rather follow the discussion around that as
> > it
> > > unfolds over the next few months.
> > >
> > > For the current implementation we can be open to smaller stuff, but not
> > big
> > > overhauls.
> > >
> > > Finishing the client storage API may be useful, but to be honest not many
> > > people have been interested here. I'd rather see a simpler client store
> > > where it's easier to replace with a custom store. I don't think there's
> > > need to federate multiple client stores for a single realm.
> > >
> > > For LDAP I'm not sure what you mean about separate core and user stuff.
> > It
> > > is only a user store, at least now. Are you perhaps thinking about
> > storing
> > > clients in LDAP?
> > >
> > > On Sat, 8 Jun 2019 at 08:46, Justin Gross <jgross.biz at gmail.com> wrote:
> > >
> > > > Good afternoon, good evening and good morning everyone! I am Justin and
> > > > I’d like to start contributing to Keycloak.
> > > >
> > > > Is there anyone on the list that is interested in the continuing
> > > > development of Client Storage SPI? (KEYCLOAK-6408 in JIRA)
> > > >
> > > > If you answered yes to the above, what storage systems/software are you
> > > > interested in using for client storage?
> > > >
> > > > Preparing to take on some of the things listed in KEYCLOAK-6408.
> > > >
> > > > I am in the middle of a lite refactoring of some useful things which
> > are
> > > > currently specific to user storage federation such as
> > > > SynchronizationResult, ImportSynchronization, etc… so they can be used
> > by
> > > > the yet to be finished Client Storage API.
> > > >
> > > > I also plan to refactor some of the LDAP federation stuff so that the
> > user
> > > > specific stuff is separate from the core LDAP functionality itself.
> > > > Eventually I want to use LDAP to store client configuration and
> > there’s a
> > > > lot of useful LDAP functionality stashed away in the user federation
> > stuff.
> > > >
> > > >
> > > > Thank you,
> > > >
> > > > Justin Gross
> > > >
> > > > _______________________________________________
> > > > keycloak-dev mailing list
> > > > keycloak-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> >
More information about the keycloak-dev
mailing list