Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support custom user federation with extra config parameters. #133

Closed
tomrutsaert opened this issue Jul 9, 2019 · 3 comments
Closed

Support custom user federation with extra config parameters. #133

tomrutsaert opened this issue Jul 9, 2019 · 3 comments

Comments

@tomrutsaert
Copy link
Contributor

We have a custom user federation SPI that connects to our legacy my_users postgresql database.
In our Custom SPI we have some extra config parameters: jdbc_url, user, ...

We were hoping that we could pass along these extra config parameters through the keycloak_custom_user_federation terraform config.
But it seems that the "keycloak_custom_user_federation" only knows the fields that were defined in CustomUserFederation struct.

Is there a way to make our config work with current implementation?
If not, what would need to be changed, so that custom user federation with extra config parameters would work. Can we work with a config map variable?

I would prefer not to fork this project to extend CustomUserFederation struct with our specific case config fields. I rather create generic solution for all custom federation SPIs.

we would have following config

resource "keycloak_custom_user_federation" "my-user-fed" {
	name        	= "my-user-fed"
	realm_id    	= "${keycloak_realm.test.id}"
	enabled     	= true
	priority 		= "0"
	jdbc_url 		= "jdbc:postgresql://postgres:5432/my_users"
	user			= "myuser"
	password	= "mypassword"

	cache_policy 	= "DEFAULT"
}

or perhaps

resource "keycloak_custom_user_federation" "my-user-fed" {
	name        	= "my-user-fed"
	realm_id    	= "${keycloak_realm.test.id}"
	enabled     	= true
	priority 		= "0"
        extra_config  {
	       jdbc_url 		= "jdbc:postgresql://postgres:5432/my_users"
	       user			= "myuser"
	       password	        = "mypassword"
        }
	cache_policy 	= "DEFAULT"
}
@tomrutsaert
Copy link
Contributor Author

I have the same question for a custom identity provider with extra config.

@mrparkers
Copy link
Contributor

I'm in favor of an attribute like config or extra_config that can just be a map to send arbitrary values to the Keycloak API for this.

I don't think the first solution you suggested (having these attributes at the top level) is possible.

For what it's worth, the custom user federation SPI implementation we use just uses environment variables for configuration which works well enough for us - so I didn't bother implementing this feature at the time. But I can understand why someone would prefer to use the Keycloak API to configure this instead.

@tomrutsaert
Copy link
Contributor Author

I have created #134

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrparkers @tomrutsaert