[prev in list] [next in list] [prev in thread] [next in thread]
List: keycloak-dev
Subject: [keycloak-dev] User SPI cache policies
From: bburke () redhat ! com (Bill Burke)
Date: 2016-10-31 18:33:17
Message-ID: 742bd089-d45b-d1f1-2fc4-db44c50dad18 () redhat ! com
[Download RAW message or body]
You need to know the user before you can evict it. username can be
obtained differently from multiple different authenticators: spnego,
username/password UI, basic auth, etc..
On 10/31/16 9:41 AM, Stian Thorgersen wrote:
> Could we not do it as a special first authenticator in the flow?
>
> On 31 October 2016 at 14:08, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>
>
> On 10/31/16 8:51 AM, Stian Thorgersen wrote:
>>
>>
>> On 31 October 2016 at 13:49, Bill Burke <bburke at redhat.com
>> <mailto:bburke at redhat.com>> wrote:
>>
>>
>>
>> On 10/31/16 1:48 AM, Stian Thorgersen wrote:
>>
>> What about evict on authenticate (load from store when
>> user authenticates)? I think that would be the most
>> useful policy.
>>
>> That would need to be implemented at the authenticator level.
>>
>>
>> Implementation details aside, should we not have it? It seems
>> like the most likely time you want to fetch the user and
>> especially credentials.
> Yeah, its a great idea. Implementation details matter though as
> I'm not sure this can be reliably done without coding this in each
> top-level authenticator and requiring an authenticator provider
> developer to be aware of this policy.
>
> Bill
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic