[keycloak-user] adding realm level configuration parameter

Dmitry Telegin mitya at cargosoft.ru
Mon Jan 22 15:20:40 EST 2018 

Hi Ori,
> Hi Dmitry,
> 
> Thank you very much for your answer.
> 
>  
> 
> 1)     
> I assume that ‘realm_attribute’ table has no control from the Web UI
> admin console. Does it?

Upon introduction of realm attributes, we were discussing such an
option, see comments here: https://github.com/keycloak/keycloak/pull/31
53That time we didn't come up with any conclusion if the GUI were
indeed necessary; another consideration was the introduction of
components, which I thought would have replaced realm attributes one
day. However I think the component system has a bit different scope;
this also might be of some interest for you, take a look at
org.keycloak.component package in the keycloak-server-spi module.
> 
> 2)     
> How did you implement the global configurqation?

I've roughly outlined it in my posting to keycloak-dev: http://lists.jb
oss.org/pipermail/keycloak-dev/2017-December/010261.htmlIn a few words,
there will be a ConfigurationProvider to configure and expose
Configuration instance to providers. This will be implemented with
Apache Commons Configuration, backed by a database table and proxied
with Infinispan to provide clustering support. BTW this component will
be opensourced (tentatively, by mid-February).
Cheers,Dmitry
>  
>  
> Thanks,
>  
> Ori
> 
>  
> 
> 
> 
> From: Dmitry Telegin [mailto:mitya at cargosoft.ru]
> 
> 
> Sent: Monday, January 22, 2018 13:03
> 
> To: Ori Doolman <Ori.Doolman at Amdocs.com>; keycloak-user at lists.jboss.o
> rg
> 
> Subject: Re: [keycloak-user] adding realm level configuration
> parameter
> 
> 
>  
> 
> Hi Ori,
> 
> 
>  
> 
> 
> In Keycloak, realms do have their own attributes. Starting with
> 2.2.0, they are exposed as
> org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I
> suggest that you take a look at them. Seems like exactly what you
> need - just
>  make sure your attribute names do not clash with internal ones
> (examine realm_attribute table contents for that). It will be pretty
> safe to prefix your attribute names with something unique, like
> "com.amdocs.*"
> 
> 
>  
> 
> 
> If you need truly *global* persistent configuration (i.e. not bound
> to any realm), unfortunately there's no such functionality in KC at
> the moment, but I'm implementing the same for my company's needs. Let
> me know if you're interested.
> 
> 
>  
> 
> 
> Cheers,
> 
> 
> Dmitry 
> 
> 
>  
> 
> 
> Hi,
>  
> Any answer on that??
>  
>  
>  
> Thanks,
>  
> Ori .
>  
>  
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bou
> nces at lists.jboss.org] On Behalf Of Ori Doolman
> Sent: Tuesday, January 16, 2018 00:00
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] adding realm level configuration parameter
>  
> Hi,
> I want to perform some customization to Keycloak using existing SPIs.
> For that, I need to store a configuration parameter (may be different
> value per realm).
> What is the way to achieve that? Is there an SPI to extend the realm
> properties?
> The only solution I can think of now is setting a custom attribute in
> the users group of the realm.
>  
>  
> Thanks,
>  
> Ori Doolman
> Lead Software Architect
> Amdocs Optima
>  
> +972 9 778 6914 (office)
> +972 50 9111442 (mobile)
>  
> [cid:image001.png at 01D2C8DE.BFF33E10]
>  
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
>  
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
>  
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
>  
>  
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
> you may review at https://www.amdocs.com/about/email-disclaimer
>

More information about the keycloak-user mailing list