[keycloak-user] adding realm level configuration parameter
Dmitry Telegin
mitya at cargosoft.ru
Mon Jan 22 15:20:40 EST 2018
Hi Ori,
> Hi Dmitry,
>
> Thank you very much for your answer.
>
>
>
> 1)
> I assume that ‘realm_attribute’ table has no control from the Web UI
> admin console. Does it?
Upon introduction of realm attributes, we were discussing such an
option, see comments here: https://github.com/keycloak/keycloak/pull/31
53That time we didn't come up with any conclusion if the GUI were
indeed necessary; another consideration was the introduction of
components, which I thought would have replaced realm attributes one
day. However I think the component system has a bit different scope;
this also might be of some interest for you, take a look at
org.keycloak.component package in the keycloak-server-spi module.
>
> 2)
> How did you implement the global configurqation?
I've roughly outlined it in my posting to keycloak-dev: http://lists.jb
oss.org/pipermail/keycloak-dev/2017-December/010261.htmlIn a few words,
there will be a ConfigurationProvider to configure and expose
Configuration instance to providers. This will be implemented with
Apache Commons Configuration, backed by a database table and proxied
with Infinispan to provide clustering support. BTW this component will
be opensourced (tentatively, by mid-February).
Cheers,Dmitry
>
>
> Thanks,
>
> Ori
>
>
>
>
>
> From: Dmitry Telegin [mailto:mitya at cargosoft.ru]
>
>
> Sent: Monday, January 22, 2018 13:03
>
> To: Ori Doolman <Ori.Doolman at Amdocs.com>; keycloak-user at lists.jboss.o
> rg
>
> Subject: Re: [keycloak-user] adding realm level configuration
> parameter
>
>
>
>
> Hi Ori,
>
>
>
>
>
> In Keycloak, realms do have their own attributes. Starting with
> 2.2.0, they are exposed as
> org.keycloak.models.RealmModel::{get,set}Attribute*() methods, so I
> suggest that you take a look at them. Seems like exactly what you
> need - just
> make sure your attribute names do not clash with internal ones
> (examine realm_attribute table contents for that). It will be pretty
> safe to prefix your attribute names with something unique, like
> "com.amdocs.*"
>
>
>
>
>
> If you need truly *global* persistent configuration (i.e. not bound
> to any realm), unfortunately there's no such functionality in KC at
> the moment, but I'm implementing the same for my company's needs. Let
> me know if you're interested.
>
>
>
>
>
> Cheers,
>
>
> Dmitry
>
>
>
>
>
> Hi,
>
> Any answer on that??
>
>
>
> Thanks,
>
> Ori .
>
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bou
> nces at lists.jboss.org] On Behalf Of Ori Doolman
> Sent: Tuesday, January 16, 2018 00:00
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] adding realm level configuration parameter
>
> Hi,
> I want to perform some customization to Keycloak using existing SPIs.
> For that, I need to store a configuration parameter (may be different
> value per realm).
> What is the way to achieve that? Is there an SPI to extend the realm
> properties?
> The only solution I can think of now is setting a custom attribute in
> the users group of the realm.
>
>
> Thanks,
>
> Ori Doolman
> Lead Software Architect
> Amdocs Optima
>
> +972 9 778 6914 (office)
> +972 50 9111442 (mobile)
>
> [cid:image001.png at 01D2C8DE.BFF33E10]
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
>
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
>
> you may review at https://www.amdocs.com/about/email-disclaimer
> <https://www.amdocs.com/about/email-disclaimer>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
> you may review at https://www.amdocs.com/about/email-disclaimer
>
More information about the keycloak-user
mailing list