Tero Saarni

Kind reminder :heart: I'm still interested in workign for this getting merged :)

> What you can do though is increase the maximum number of cached entries (default is `100`): Just curious: couldn't concurrent modification still happen at the time cache is populated,...

**General remarks** The LDAP client requires keystore to be configured in order to configure the administrator's client certificate. When default SSLSocketFactory is used for the LDAP client, the default keystore...

Link to keycloak-dev https://groups.google.com/g/keycloak-dev/c/QwKjr2I8Eyg/m/qMAAZ0-1BAAJ

Hi @mposolda! Yes the feature is still valid from my point of view. SASL EXTERNAL can be used with LDAP today, by using small tricks https://github.com/tsaarni/cloud-playground/tree/master/kubernetes/keycloak, but it would be...

@mposolda Sorry, I have not had time yet to start with a proposal for the new Keystore SPI.

@mposolda I would like to pick this up now and I started to look at adding Keystore SPI. I found some design decision challenges where I would like to ask...

@mposolda I've added a commit that adds very initial draft of the new Keystore SPI for commenting and getting some guidance to the above topics. It is used only by...

@mposolda I have a remaining problem that I'd really appreciate some help: The tests fail occasionally because keystore will not always get configured and therefore client cert is not sent...

I removed the "SPI initialization race" by removing provider specific singleton (`TruststoreProviderSingleton` and corresponding one I had created for keystore SPI). Now the providers now register themselves to `org.keycloak.truststore.SSLSocketFactory` which...