[keycloak-dev] Client Storage SPI and KEYCLOAK-6408

Stian Thorgersen sthorger at redhat.com
Wed Jun 12 09:06:30 EDT 2019


So multiple sources for same realm. Not sure that is a common enough
use-case to add as it will of course be much simpler to have a single
client store for a realm.

On Wed, 12 Jun 2019 at 14:09, cedric at couralet.eu <cedric at couralet.eu> wrote:

> Not sure I understand your question, I imagine a functionality like for
> the users ("user federation"), sort of client federation which could use
> ldap (or other thing). So, it could be multiple places with a "sync
> registration" feature or not. I realize it is a great deal of change of
> course.
>
> Le Mercredi, Juin 12, 2019 09:17 CEST, Stian Thorgersen <
> sthorger at redhat.com> a écrit:
>
> > Big question is do you want to store clients in LDAP only or multiple
> > places for a single realm?
> >
> > On Wed, 12 Jun 2019, 07:26 cedric at couralet.eu, <cedric at couralet.eu>
> wrote:
> >
> > > In case it could help , for our limited case, we would like the
> > > possibility to fetch client configuration from ldap (and secret).
> > > Historically, we manage application account (and roles)  in ldap.
> Having
> > > keycloak able to retrieve those from ldap would be a huge help.
> > > Personnally, I'd like to use keycloak as an orchestrator (very good at
> > > that) between different "store", without state.
> > >
> > >
> > > Le Mardi, Juin 11, 2019 12:49 CEST, Stian Thorgersen <
> sthorger at redhat.com>
> > > a écrit:
> > >
> > > > We are planning a bigger rework of the storage layer in the future as
> > > part
> > > > of Keycloak .Next.
> > > >
> > > > With that in mind you should rather follow the discussion around
> that as
> > > it
> > > > unfolds over the next few months.
> > > >
> > > > For the current implementation we can be open to smaller stuff, but
> not
> > > big
> > > > overhauls.
> > > >
> > > > Finishing the client storage API may be useful, but to be honest not
> many
> > > > people have been interested here. I'd rather see a simpler client
> store
> > > > where it's easier to replace with a custom store. I don't think
> there's
> > > > need to federate multiple client stores for a single realm.
> > > >
> > > > For LDAP I'm not sure what you mean about separate core and user
> stuff.
> > > It
> > > > is only a user store, at least now. Are you perhaps thinking about
> > > storing
> > > > clients in LDAP?
> > > >
> > > > On Sat, 8 Jun 2019 at 08:46, Justin Gross <jgross.biz at gmail.com>
> wrote:
> > > >
> > > > > Good afternoon, good evening and good morning everyone! I am
> Justin and
> > > > > I’d like to start contributing to Keycloak.
> > > > >
> > > > > Is there anyone on the list that is interested in the continuing
> > > > > development of Client Storage SPI? (KEYCLOAK-6408 in JIRA)
> > > > >
> > > > > If you answered yes to the above, what storage systems/software
> are you
> > > > > interested in using for client storage?
> > > > >
> > > > > Preparing to take on some of the things listed in KEYCLOAK-6408.
> > > > >
> > > > > I am in the middle of a lite refactoring of some useful things
> which
> > > are
> > > > > currently specific to user storage federation such as
> > > > > SynchronizationResult, ImportSynchronization, etc… so they can be
> used
> > > by
> > > > > the yet to be finished Client Storage API.
> > > > >
> > > > > I also plan to refactor some of the LDAP federation stuff so that
> the
> > > user
> > > > > specific stuff is separate from the core LDAP functionality itself.
> > > > > Eventually I want to use LDAP to store client configuration and
> > > there’s a
> > > > > lot of useful LDAP functionality stashed away in the user
> federation
> > > stuff.
> > > > >
> > > > >
> > > > > Thank you,
> > > > >
> > > > > Justin Gross
> > > > >
> > > > > _______________________________________________
> > > > > keycloak-dev mailing list
> > > > > keycloak-dev at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > > > _______________________________________________
> > > > keycloak-dev mailing list
> > > > keycloak-dev at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > >
> > >
>
>


More information about the keycloak-dev mailing list