[keycloak-user] Keycloak data stores - Config, User, Realm, Session ...

Santosh Haranath santosh.haranath at gmail.com
Tue Jan 10 01:31:01 EST 2017


We are evaluating Keycloak for a multi-tenant access management
solution deployed across 2 regions. Red Hat OpenShift Container Platform
version 3.3 is the deployment platform.

We have some data model constraints which require us to use an LDAP store.

- What is Keycloak's configuration store? How is configuration
synchronized? Where are SAML metadata, OAuth client credentials, etc.
stored?

- I have read concerns about the MongoDB data store due to transaction
requirements and possible removal of support from V3. Which SPI requires
transactions? When is Version 3 due?

- Can we split data store responsibilities as below?

SPI -> Data Store Provider
/subsystem=keycloak-server/spi=realm -> Mongo
/subsystem=keycloak-server/spi=user -> LDAP
/subsystem=keycloak-server/spi=userSessionPersister -> Infinispan
/subsystem=keycloak-server/spi=authorizationPersister -> Infinispan
/subsystem=keycloak-server/spi=userFederatedStorage -> LDAP
/subsystem=keycloak-server/spi=eventsStore -> Mongo


Thanks.

