-
Notifications
You must be signed in to change notification settings - Fork 6.6k
-
Notifications
You must be signed in to change notification settings - Fork 6.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Identity providers: Pagination in account console (and account REST API) #21261
Comments
@mposolda @sguilhen I am thinking that we can separate REST API and ui PRs keeping backward compatibility for REST API as mentioned in the previous PR. Moreover, linked IdPs are little (max 3 even for us) . So, I am thinking that we could have pager only for unlinked IdPs and get linked IdPs from federated identity similar as in admin console. Do you agree? Could we have in your IdP search criteria a way to exclude linked IdPs ids (or alias)? |
@cgeorgilakis I agree with separating the changes... I wouldn't differentiate between linked vs unliked for pagination, even if the number of linked idps should likely be a low one. Regarding the criteria, I think we can make something work for that using the search by attributes if I change the Then we could have an option in the attributes map (something like So code would look something like this:
And this would simply do a About orgs, I would like to discuss this with @pedroigor next week - I don't recall what we thought would be a good idea when the user is member of an org or has a domain that matches an org. We probably only want to show the realm IDPs (not linked to any org), and IDPs linked to the org(s) the user belongs to. Every other IDP should probably not be available for linking. |
If the number of linked accounts is really expected to be a low one, we can create a stream out of the aliases found in the federated identities and map them using |
@sguilhen @cgeorgilakis What do you think about these requirements around orgs and the account console? |
Given that the plan is to have a separate section for the the organizations in the account console, I agree that the IDPs related to orgs should not be visible for linking/unlinking. |
@sguilhen @cgeorgilakis I forgot to send the link in the comment #21261 (comment). See #31944. |
So, @pedroigor we need to have different account ui and different REST API pager for organization users based on #31944. After having the change in IdPs search and decide about linked user IdPs, I could provide a PR for account REST API for users not belonging in organization. Ui changes will follow. |
Hi @cgeorgilakis I will be working on the changes to allow for a search that fetches the IDPs while excluding the federated aliases. Probably using a key like "ALIASES_NOT_IN" and a value being the list of aliases separated by something like Regarding the linked accounts, I agree we should simply fetch the federated identities, get federation link, which IIRC is the provider's alias, and then simply call |
How could I take the organization user belong? @sguilhen I see that the method So I propose a new method that will search with
|
@cgeorgilakis I've just opened a PR with all changes to the endpoint, based on the work you guys did but already using the provider to filter things. (see #32581). Once that is merged, all we will need is the UI changes to call the endpoint using the new parameters. To search by alias (partial search or exact search) there's a param called For organizations we have another param called To find ids that don't match the federated ones, I've introduced another param called |
Thank you. |
Yup, as far as I can see the change would be in tbe |
@cgeorgilakis The changes to the rest endpoint have been merged, so it is already possible to rework the console to invoke the endpoint and fetch linked/unlinked idps independently in paginated fashion. Do you think your team will be able to send a PR for the frontend? |
For sure. I believe my colleague will succeed to submit the PR next week. |
@cgeorgilakis Let me know if this is something you guys can deliver by the end of the week (in time for proper reviews before 26 is out) or if you need the Keycloak team to take this. |
@sguilhen My colleague @linathedog will sumbit the PR until Friday. |
Excellent, thank you! |
Closes keycloak#21261 Signed-off-by: Andreas Kozadinos <koza-sparrow@hotmail.com>
@sguilhen Hello, i submitted the PR containing the UI changes to add pagination when displaying Identity Providers in Linked Accounts page on the account console. |
Hello @linathedog ! Thank you very much for the effort you and your team have put into it. I'll start chasing the necessary reviews! |
in favour of: keycloak#32913 fixes: keycloak#21261 Co-authored-by: Andreas Kozadinos <koza-sparrow@hotmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Description
See https://issues.redhat.com/browse/KEYCLOAK-18061 and #8609
Discussion
#8609
Motivation
No response
Details
No response
The text was updated successfully, but these errors were encountered: