[keycloak-dev] Custom federation - webservice

Jorge M. jm85martins at gmail.com
Mon Dec 14 11:15:33 EST 2015


I agree. I think that could solve these issues. Is that something that can
go on a near release?

Thank you
On 11 Dec 2015 12:15, "Vlastimil Elias" <velias at redhat.com> wrote:

>
>
> On 11.12.2015 12:19, Marek Posolda wrote:
>
> I think what we can possibly do is:
>
> 1) Improve KeycloakTransactionManager to allow enlist with "priority".
> Instead of methods:
>
> void enlist(KeycloakTransaction transaction);
> void enlistAfterCompletion(KeycloakTransaction transaction);
>
> we will have single method:
>
> void enlist(KeycloakTransaction transaction, int priority);
>
> By default, JPA will enlist transaction with priority 10 and infinispan
> with priority 20 or something like that.
>
> This change will allow to enlist your transaction in your
> FederationProvider with exact priority. So you can choose whether the
> commit will happen before JPA commit, or after JPA commit or even after
> infinispan commit etc.
>
>
> +1, this may help to resolve current problems
>
> 2) Make TxAwareLDAPUserModelDelegate class more generic and reusable for
> other federation providers
>
>
> may also help, but point 1 with correct documentation is main what we have
> to do
>
> Thanks
>
> Vlastimil
>
>
> Marek
>
> On 11/12/15 10:50, Vlastimil Elias wrote:
>
> Hi,
>
> I use similar approach and problem is (at least I think) that local DB
> transaction is already committed when our code runs. It has two negative
> effects:
> - if remote service call is successful you are not able to write anything
> locally as Jorge mentioned
> - if remote service call fails local DB record is committed already and it
> is hard to implement correct error handling
>
> So I think User Federation SPI should be extended by exact method which
> allows atomic call of backend during user creation or update before local
> transaction is committed. I already created issue for it but not resolved
> yet https://issues.jboss.org/browse/KEYCLOAK-1075
>
> Vlastimil
>
> On 10.12.2015 18:49, Jorge M. wrote:
>
> Hi,
>
> I think I'm in the right track now. I'm being able to call the webservice
> before commit. However, when the user is successfully created by the
> webservice, I need to update my local user to add a property with the
> external user id. How can I do that in the same transaction?
> I'm trying to set the property on the managed delegate user model, but it
> has no effect.
>
> Thank you!
> On 9 Dec 2015 18:39, "Marek Posolda" <mposolda at redhat.com> wrote:
>
>> On 09/12/15 19:33, Jorge M. wrote:
>>
>> I'm developing a custom federation that communicates with my user
>> repository via webservices.
>> Probably this is a very strange scenario for a federation but that's the
>> unique way that I have to communicate with the repository.
>>
>> My problem is that, as the webservices only exposes methods such as
>> createUser and updateUser, I'm having problems with registrations and user
>> profile updates because I'm not being able to do atomic calls to the
>> webservice methods, with all the information that I need.
>>
>> As far as I know, from the properties file example and from the ldap
>> federation source (probably I'm missing something) it seems that the
>> federation api is intended to update and sync attribute by attribute
>> (Keycloak <-> Federation).
>> Am I wrong? Do you suggest another approach? Should I give up from having
>> a federation that uses a webservice?
>>
>> You can use "transaction wrapper", which will allow you to store all the
>> updates to user locally, but send the UPDATE request to your webservice
>> later at transaction commit time. You may need to create custom transaction
>> and enlist it with Keycloak TransactionManager.
>>
>> This is what we have for LDAP federation provider right now. See
>> TxAwareLDAPUserModelDelegate.
>>
>> Marek
>>
>> Thank you.
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
>
> --
> Vlastimil Elias
> Principal Software Engineer
> Developer Portal Engineering Team
>
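
The priority-ordered enlist proposed in point 1 of the quoted discussion, as an added sketch that is not part of the original thread and not Keycloak code: `PriorityTxManager`, `Tx`, `Entry` and the priority 5 for the web-service call are hypothetical stand-ins, while 10 and 20 are the defaults suggested in the thread. It shows that when the remote call is ordered first and fails, the local JPA commit never happens.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

// Hypothetical stand-ins for the proposal in this thread; not Keycloak classes.
public class PriorityEnlistSketch {
    interface Tx { void commit() throws Exception; void rollback(); }

    static final class Entry {
        final Tx tx; final int priority;
        Entry(Tx tx, int priority) { this.tx = tx; this.priority = priority; }
    }

    static class PriorityTxManager {
        private final List<Entry> enlisted = new ArrayList<>();
        // Shape proposed in the thread: one enlist method taking a priority.
        void enlist(Tx tx, int priority) { enlisted.add(new Entry(tx, priority)); }
        // Commit in ascending priority. On the first failure, roll back the failed
        // participant and all that have not committed yet; earlier commits stay.
        void commit() throws Exception {
            enlisted.sort(Comparator.comparingInt((Entry e) -> e.priority));
            for (int i = 0; i < enlisted.size(); i++) {
                try {
                    enlisted.get(i).tx.commit();
                } catch (Exception failure) {
                    for (int j = i; j < enlisted.size(); j++) enlisted.get(j).tx.rollback();
                    throw failure;
                }
            }
        }
    }

    // Constructed participant that records what happened to it.
    static Tx named(String name, boolean fail, List<String> log) {
        return new Tx() {
            public void commit() throws Exception {
                if (fail) throw new Exception(name + " failed");
                log.add("commit " + name);
            }
            public void rollback() { log.add("rollback " + name); }
        };
    }

    public static void main(String[] args) {
        List<String> log = new ArrayList<>();
        PriorityTxManager tm = new PriorityTxManager();
        tm.enlist(named("jpa", false, log), 10);        // default suggested in the thread
        tm.enlist(named("infinispan", false, log), 20); // default suggested in the thread
        tm.enlist(named("webservice", true, log), 5);   // assumed: remote call runs first
        try { tm.commit(); } catch (Exception e) { log.add("aborted: " + e.getMessage()); }
        System.out.println(log);
    }
}
```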