Closed Tristanden closed 6 months ago
I took a quick look at the keycloak implementation. It seems possible to override the import/export provider but it would be an additional source that might cause regressions with any keycloak update since I would have to override the following code:
@Override
public void exportRealm(KeycloakSessionFactory factory, final String realmName) throws IOException {
logger.infof("Exporting realm '%s' into file %s", realmName, this.file.getAbsolutePath());
KeycloakModelUtils.runJobInTransaction(factory, new ExportImportSessionTask() {
@Override
protected void runExportImportTask(KeycloakSession session) throws IOException {
RealmModel realm = session.realms().getRealmByName(realmName);
RealmRepresentation realmRep = ExportUtils.exportRealm(session, realm, true, true);
writeToFile(realmRep);
}
});
}
If this code changes without noticing it I would break the export/import functionality.
A better solution would probably be to add an additional import/export endpoint that handles the SCIM configuration. But I am currently pretty overloaded with work. I cannot give any assurances when I will be able to do it.
import/export is available in the newer versions at https://scim-for-keycloak.de
For deploying the SCIM connector in a real "production" environment, we would ideally need to rely on the export/import feature of Keycloak to support configuration as code.
It seems that the SCIM provider configuration is not handled by the default import/export mechanisms. Have you already looked at how this could be done ? My first thought is that it could be exposed as a "component" configuration which would save us from changing the export/import endpoints. Any idea?
Thanks, Tristan