Is it safe to use realm attributes as configuration for extensions?

Just pinging to see if others have an opinion on this. I have used realm attributes as a mechanism of storing configuration attributes for custom extensions. This is something I’ve done for several years, in many deployments of Keycloak.

Recently, I had it reported that the attributes will disappear from the table. I assumed this was someone overwriting the attributes hash in the realm when updating some other element of the realm. However, I am never able to find an event indicating that the realm was updated, but can confirm that the attribute does disappear. Has anyone encountered a similar problem? I know that there are many extensions out in the wild that use this practice.

Maybe a question for the Keycloak developers. Is it safe to use realm attributes as configuration for extensions? Assuming you pick a unique namespace, what are the potential problems with this practice?

Hi!
Are you aware you can create configuration metadata to your custom provider?
https://www.keycloak.org/docs/latest/server_development/#configuration-example

Hope this helps…

Christian

Yes! I am aware of ConfiguredProvider and ProviderConfigProperty, but AFAIK, those are only for custom provider types that have sections in the Admin UI, and that are stored in entities that have config fields so that the k/v configuration pairs can be stored along with them.

For types like EventListenerProviderFactory and RealmResourceProvider, there is no Admin UI, and no ability for the underlying entity to store a config. These are the situations where I have used realm attributes to store the config.

If I’m using it wrong, and you know differently, please help me to understand how I could use it properly. Thank you!