[keycloak-user] Change keycloak.json adapter config on the fly

Scott Rossillo srossillo at smartling.com
Mon Jul 6 09:52:57 EDT 2015


Well, the keycloak.json config is just a means to configure
a KeycloakDeployment from an AdapterConfig object. Specifically for the the
Spring adapter, the AdapterDeploymentContextBean would have to be aware
that the deployment changed. There would be a minimal amount of code needed
to support that and we can modify AdapterDeploymentContextBean to be more
flexible.

Just so I understand what you're asking for: you want to be able to update
a KeycloakDeployment on-the-fly, correct? Also, you're aware that a
keycloak.json can be configured at startup via either environment variables
on command like properties, correct? You have to change at runtime?

I think the AdapterDeploymentContextBean should be as flexible as possible,
however I have a small concern about the security of allowing certain
properties to be swapped at runtime (e.g. the realm-public-key and
the auth-server-url).

Best,
Scott


On Mon, Jul 6, 2015 at 7:33 AM, Orestis Tsakiridis <
orestis.tsakiridis at telestax.com> wrote:

> Hello,
>
> I'm securing a REST bearer-only application using keycloak.
>
> Is there any way to change keycloak.json adapter config file on the fly so
> that it can take effect without restarting the container?
>
> Will just editing keycloak.json work? I guess not.
>
> What i want to do is complete an administrative task that will provide the
> information needed for keycloak.json such as 'resource', edit keycloak.json
> and then make this configuration effective for the REST api.
>
>
> Best regards
>
> Orestis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150706/63307723/attachment-0001.html 


More information about the keycloak-user mailing list