Allowed characters and Internationalization
| Entity | Field | Supports utf8 characters | length | Keycloak limitation | MACMA limitation |
|---|---|---|---|---|---|
tenant |
|||||
id |
No |
limited to 36 characters |
|||
name |
Yes |
255 |
this is actually the display name in Keycloak. the name is a UUID generated by MACMA. limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
application |
|||||
clientId |
No |
50 |
not selectable by user input |
||
name |
No |
255 |
limited to 255 characters |
limited to regexp ="a-zA-Z0-9\\-_+=()\\[\\]#.@&%!',;$"varchar(255) |
|
displayName |
Yes |
255 |
limited to 255 characters |
limited to regexp ="a-zA-Z0-9ßüöäÜÖÄ\\-_+=()\\[\\]#.@&%!',;$" |
|
clientSecret |
Yes |
200 |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
redirectUris[] |
- |
255 |
limited to 255 characters |
java.net.URL constructor is used to validate the string |
|
webOrigins[] |
- |
255 |
limited to 255 characters |
java.net.URL constructor is used to validate the string |
|
application-role |
|||||
type |
- |
not selectable |
|||
name |
No |
200 |
Keycloak works with international characters |
limited to regexp = "^[a-zA-Z0-9_\\-]+$" |
|
displayName |
Yes |
255 |
limited to 255 characters |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
description |
255 |
limited to 255 characters |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
resource |
|||||
id |
No |
255 |
limited to regexp ="A-Za-z0-9()+,\\-.:=@;$_!*'%/?#" |
||
type |
No |
255 |
limited to regexp ="A-Za-z0-9()+,\\-.:=@;$_!*'%/?#" |
||
name |
Yes |
255 |
limited to regexp ="a-zA-Z0-9ßüöäÜÖÄ\\-_+=()\\[\\]#.@&%!',;$" |
||
description |
Yes |
255 |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
iconUri |
- |
255 |
limited to 255 characters |
checked by trying to create a java.net.URI |
|
permission |
|||||
resourceId |
No |
255 |
limited to regexp ="A-Za-z0-9()+,\\-.:=@;$_!*'%/?#" |
||
resourceType |
No |
255 |
limited to regexp ="A-Za-z0-9()+,\\-.:=@;$_!*'%/?#" |
||
tenant-role |
|||||
type |
- |
not selectable |
|||
name |
No |
200 |
Keycloak can work with international characters |
limited by regexp = "^[a-zA-Z0-9_\\-]+$" |
|
displayName |
No |
255 |
Keycloak can work with international characters |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
description |
No |
255 |
Keycloak can work with international characters |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
user |
|||||
username |
Yes |
1..255 |
converted to lowercase |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
firstName |
Yes |
1..255 |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
lastName |
Yes |
1..255 |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
No |
1..255 |
|
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
||
password |
Yes |
5..200 |
because only a hash is stored, the length can be even more than 1000 characters,minimum requirement managed by Keycloak policy |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
group |
|||||
name |
No |
1..255 |
Keycloak can work with international characters |
group name is limited to |
|
contract |
|||||
name |
Yes |
1..255 |
not stored in Keycloak |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
description |
Yes |
255 |
not stored in Keycloak |
limited by regular expression "\\p{IsAlphabetic}\\p{IsDigit}/\\-_+=()\\[\\]#.@&%!:,;'$?/*" |
|
-
resource name
-
policy name
-
scope name
-
permission name
-
Since we need uniqueness in Keycloak for those entities, we are creating names for permissions like "access-manager/$all.applications/urn:com:bosch:bci:macma:entity:applications/permission", containing the role, the resource and urn. Having large role or resource names, might be result in an issue, since we are here limited to 255 chars as well.