Re: [keycloak-user] Request to reopen KEYCLOAK-9515

174 views
Skip to first unread message

Schuster Sebastian (IOC/PAU1)

unread,
Oct 27, 2021, 11:32:05 AM10/27/21
to Boris Brönner, Keycloak Dev

I would also say 255 characters is a bit short for some use cases. Maybe go for VARCHAR(2024) like in the FED_USER_ATTRIBUTE table?

Or is there any specific reason why it should be less for non-federated users?

 

Best regards,

Sebastian

 

Mit freundlichen Grüßen / Best regards

Dr.-Ing. Sebastian Schuster

Product Area User Management (IOC/PAU1)
Robert Bosch GmbH | Postfach 10 60 50 | 70049 Stuttgart | GERMANY | www.bosch.com
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Telefax +49 30 726112-100 | Sebastian...@bosch.io

Sitz: Stuttgart, Registergericht: Amtsgericht Stuttgart, HRB 14000;
Aufsichtsratsvorsitzender: Franz Fehrenbach; Geschäftsführung: Dr. Volkmar Denner,
Prof. Dr. Stefan Asenkerschbaumer, Filiz Albrecht, Dr. Christian Fischer, Dr. Stefan Hartung,
Dr. Markus Heyn, Harald Kröger, Rolf Najork

 

From: keyclo...@googlegroups.com <keyclo...@googlegroups.com> on behalf of Boris Brönner <borisb...@gmail.com>
Date: Monday, 25. October 2021 at 21:17
To: Keycloak User <keyclo...@googlegroups.com>
Subject: [keycloak-user] Request to reopen KEYCLOAK-9515

Dear keycloak developers,

 

It seems the above issue (https://issues.redhat.com/browse/KEYCLOAK-9515) won't be reopened. The decision was based mainly on a use-case where somebody wanted to store rather long JSON in an attribute.

 

I want you to reconsider this based on our use-case, which is quite simple: we have SSO enabled using Google. With that we want to import the "picture" attribute (cf. https://developers.google.com/identity/protocols/oauth2/openid-connect#an-id-tokens-payload). Which is a URL pointing to the user's picture.

 

That URL cannot be reimported because it's longer than the supported 255 maximum characters. Other mappers work fine, but this exact one fails with the exception that the text to be stored is longer than varchar(255). 

 

And this is no 10,000 character long data value, it's just the picture URL from a google profile.

 

What do you think?

 

Best regards,

Boris

 

 

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/a38c65da-59fd-45cb-8aeb-52ffd4b993een%40googlegroups.com.

COSTAS GEORGILAKIS

unread,
Nov 1, 2021, 9:38:11 AM11/1/21
to Keycloak Dev
Our team also has complex attributes from Identity Providers in json format ( more than 255 length) and release them in the same format in Clients. 
We can not split them into multiple properties as suggested in Keycloak jira issue because each property are related with other properties. 

We have openned a similar dev discussion without any reply.

Manfred Duchrow

unread,
Nov 2, 2021, 11:14:16 AM11/2/21
to Keycloak Dev
Hi,

I'm supporting this request.
Some customers of mine also have use cases where the limitation to 255 characters is too restrictive.

Cheers,
   Manfred

Reply all
Reply to author
Forward
0 new messages