[keycloak-dev] Import users from new User Federation

Scott Rossillo srossillo at smartling.com
Thu Aug 18 16:56:31 EDT 2016


So there will still be a validate credentials callback, right?

Scott Rossillo
Smartling | Senior Software Engineer
srossillo at smartling.com

> On Aug 18, 2016, at 2:30 PM, Bill Burke <bburke at redhat.com> wrote:
> 
> 
> On 8/18/16 4:59 AM, Stian Thorgersen wrote:
>> Bill,
>> 
>> Are you planing to have an option to allow import of users with the 
>> new user federation SPI? I'm not convinced we should completely remove 
>> this option.
>> 
> 
> The only callback that does not exist in the new SPI is 
> validateAndProxy().  With the current federation SPI, the developer 
> implements everything themselves for import.  There are no 
> synchronization APIs/SPIs either.
>> Some use-cases I could imagine:
>> 
>> * Allow users to authenticate even if LDAP server is down
> Our current LDAP provider will not work if LDAP is down, even with the 
> import :)
> 
> 
>> * Allow migrating users away from LDAP
> 
> We can do anything we want for our LDAP implementation.  This doesn't 
> mean that the SPI should have special support methods and interfaces for 
> synchronization and import.
> 
> Bill
> 
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160818/d8be5455/attachment-0001.html 


More information about the keycloak-dev mailing list