Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Request for Enhancement: Make x509cert-lookup SPI public #33818

New issue
New issue
Open
enhancement
#45010
Open
Request for Enhancement: Make x509cert-lookup SPI public#33818
enhancement
#45010
Labels
kind/enhancementCategorizes a PR related to an enhancementstatus/triageteam/cloud-nativeteam/core-shared
Milestone
Future
@tsaarni

Description

@tsaarni
tsaarni
opened on Oct 11, 2024

Description

Please consider changing the status of x509cert-lookup SPI from private to public.

Discussion

#33159 (comment)

Motivation

The project promotes the development of client certificate lookups for various proxies as extensions. See discussions in PRs #33159 and #31778.

To support the extension development, it would be great for Keycloak to ensure the stability of this SPI.

Details

Currently, the SPI is marked as internal

keycloak/services/src/main/java/org/keycloak/services/x509/X509ClientCertificateLookupSpi.java

Lines 33 to 36 in 2f1307a

@Override
public boolean isInternal() {
return true;
}

This results in a warning when Keycloak is started with an extension enabled:

2024-10-11 09:15:29,052 WARN  [org.key.services] (build-13) KC-SERVICES0047: envoy (io.github.nordix.keycloak.services.x509.EnvoyProxySslClientCertificateLookupFactory) is implementing the internal SPI x509cert-lookup. This SPI is internal and may change without notice

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/enhancementCategorizes a PR related to an enhancementstatus/triageteam/cloud-nativeteam/core-shared

    Type

    enhancement

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions