[keycloak-dev] Can I use this method in RepresentationToModel?
Bill Burke
bburke at redhat.com
Fri Oct 16 10:48:41 EDT 2015
Import was really mostly targeted to migration or our demos or the
testsuite.
For migration, you would be importing a previous export of the local
keycloak storage and thus would not want to go through federation.
I guess import would need a switch on whether if it is an import into
local keycloak storage only or not?
On 10/16/2015 9:33 AM, Stan Silvert wrote:
> Hmm. Sounds like during import we are making some assumptions about how
> the import file was created.
>
> Like I said, when you import a realm from the admin console today it
> uses session.userStorage().addUser(). So someone using this feature
> should be aware that anything imported will not be federated. (If I
> understand correctly)
>
> Is that OK?
>
> Is it OK going forward for partial imports? No federation?
>
> On 10/16/2015 2:45 AM, Marek Posolda wrote:
>> The session.userStorage().addUser() adds user directly to KC
>> persistent storage (JPA, Mongo) and bypasses federation.
>>
>> When you're creating new user through Keycloak somehow (for example in
>> admin console or during user registration), there is need to use
>> "session.users().addUser()", so the user is propagated to federation
>> storage as well. For example, if you have configured LDAP federation
>> provider with WRITE editMode, the user will be created to LDAP as well
>> in addition to Keycloak database. However during import, user usually
>> already exists in LDAP as he was exported from previous environment.
>>
>> It's bit similar for example for default roles. When you create new
>> user in admin console/registration, default roles are added to him.
>> However during import, they are not as the user is supposed to have
>> them already from previously exported DB.
>>
>> Marek
>>
>> On 15/10/15 23:28, Stan Silvert wrote:
>>> Looks like import realm is using the same method so I guess it's OK. It
>>> would still be interesting to know a bit about the effect of calling
>>> session.userStorage().addUser() versus session.users().addUser(). We are
>>> just relying on the provider settings to sync federated users?
>>>
>>> On 10/15/2015 5:07 PM, Stan Silvert wrote:
>>>> I'm implementing import users from the admin console. I'd like to use
>>>> this method to create each user:
>>>> https://github.com/keycloak/keycloak/blob/master/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java#L923
>>>>
>>>>
>>>> But I'm not sure of the effect since this method uses
>>>> session.userStorage().addUser() instead of session.users().addUser().
>>>>
>>>> Anyone care to enlighten me?
>>>>
>>>> Stan
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list