Feature: Add Tenant Attributes with Token Mapper Support #56

Open
wants to merge 2 commits into
base: main
oleaasbo

This PR introduces attribute support for tenants, allowing storage of configuration and metadata at the tenant level. The implementation follows Keycloak's established patterns for handling attributes, similar to how user and group attributes are managed.

Key Features

1. Tenant Attribute Storage

  • Multi-value attribute support
  • Efficient storage handling for both short (≤255 chars) and long values
  • Attribute validation for keys and values
  • Database schema updates with proper indexing for efficient queries

2. Token Integration

  • New TenantAttributeMapper for including tenant attributes in tokens
  • Support for both single and multi-valued attributes in token claims
  • Configurable claim names and attribute mapping

3. API Enhancements

  • Extended tenant API to support attribute operations
  • Attribute-based search functionality
  • Updated OpenAPI specification
  • Comprehensive test coverage

Implementation Details

Database Changes

  • New TENANT_ATTRIBUTE table with appropriate foreign key constraints
  • Optimized storage strategy:
    • Direct storage for values ≤255 characters
    • Separate long value storage with hash-based indexing
    • Support for case-sensitive and case-insensitive searches

API Changes

  • Enhanced tenant endpoints to handle attributes in create/update operations
  • Added attribute search parameter (q) to tenant listing endpoint
  • Validation for attribute keys and values
  • Backward compatible changes maintaining existing API contracts

Token Mapper

  • Configurable mapping of tenant attributes to token claims
  • Support for both single and multi-valued attributes
  • Integration with existing tenant token mapper infrastructure

Testing

Added comprehensive test coverage including:

  • Attribute CRUD operations
  • Search functionality
  • Token mapping
  • Edge cases (empty values, long values)
  • Validation scenarios

Usage Example

Creating a tenant with attributes:

POST /tenant
{
  "name": "Example Tenant",
  "attributes": {
    "department": ["IT"],
    "location": ["New York"]
  }
}

Searching tenants by attribute:

GET /tenants?q=department:IT

Token mapper configuration:

{
  "name": "Tenant Department",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-tenant-attribute-mapper",
  "config": {
    "tenant.attribute.name": "department",
    "token.claim.name": "tenant_department",
    "multivalued": "true"
  }
}

Migration

  • Added Liquibase changelog for database schema updates
  • No breaking changes to existing functionality
  • Existing tenants remain unaffected

Documentation

  • Updated README with attribute feature overview
  • Enhanced OpenAPI specification with attribute-related schemas
  • Added code comments for maintainability

- Add support for storing tenant attributes with multi-value capability
- Implement token mapper for including tenant attributes in tokens
- Support both short (<= 255 chars) and long values with efficient storage
- Add attribute search functionality to tenant listing API
- Include validation for attribute keys and values
- Update documentation in README and OpenAPI spec

The tenant attributes feature allows storing and retrieving configuration and metadata at the tenant level, with token mapper support making these attributes available in tokens for applications.
- Update test cases to include the new argument in the listTenants function
- Ensure tests remain consistent with recent changes made to the function signature

These changes were missed in the original commit introducing the new argument.
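
The storage strategy listed under Database Changes (values ≤255 characters stored directly, longer values stored separately with hash-based indexing, case-sensitive and case-insensitive search), sketched in Java as an added example that is not code from this PR. The class, field and method names and the choice of SHA-512 are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Locale;

// Added illustration; class, field and method names are hypothetical.
public class TenantAttributeRow {
    static final int SHORT_MAX = 255;         // threshold stated in the PR description
    String value;                             // short values: stored and indexed directly
    String longValue;                         // long values: stored unindexed
    byte[] longValueHash, longValueHashLower; // indexed digests for exact / case-insensitive lookup

    TenantAttributeRow(String raw) {
        if (raw.length() <= SHORT_MAX) {
            value = raw;
        } else {
            longValue = raw;
            longValueHash = sha512(raw);
            longValueHashLower = sha512(raw.toLowerCase(Locale.ROOT));
        }
    }

    // SHA-512 is an assumption; the page only says "hash-based indexing".
    static byte[] sha512(String s) {
        try {
            return MessageDigest.getInstance("SHA-512").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Equality search: short queries hit the value column, long ones the matching digest column.
    boolean matches(String query, boolean ignoreCase) {
        if (query.length() <= SHORT_MAX) {
            return value != null && (ignoreCase ? value.equalsIgnoreCase(query) : value.equals(query));
        }
        if (longValue == null) return false;
        String q = ignoreCase ? query.toLowerCase(Locale.ROOT) : query;
        return Arrays.equals(ignoreCase ? longValueHashLower : longValueHash, sha512(q));
    }

    public static void main(String[] args) {
        String longVal = "Policy-".repeat(60);   // constructed 420-character sample value
        TenantAttributeRow s = new TenantAttributeRow("IT");
        TenantAttributeRow l = new TenantAttributeRow(longVal);
        System.out.println(s.matches("it", true));
        System.out.println(l.matches(longVal.toLowerCase(Locale.ROOT), false));
    }
}
```

Digest columns can only answer equality lookups, so long values cannot be matched by prefix or substring through the index.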