[keycloak-dev] Import users from new User Federation
Stian Thorgersen
sthorger at redhat.com
Fri Aug 19 02:38:12 EDT 2016
On 18 August 2016 at 20:30, Bill Burke <bburke at redhat.com> wrote:
>
> On 8/18/16 4:59 AM, Stian Thorgersen wrote:
> > Bill,
> >
> > Are you planing to have an option to allow import of users with the
> > new user federation SPI? I'm not convinced we should completely remove
> > this option.
> >
>
> The only callback that does not exist in the new SPI is
> validateAndProxy(). With the current federation SPI, the developer
> implements everything themselves for import. There are no
> synchronization APIs/SPIs either.
> > Some use-cases I could imagine:
> >
> > * Allow users to authenticate even if LDAP server is down
> Our current LDAP provider will not work if LDAP is down, even with the
> import :)
>
>
> > * Allow migrating users away from LDAP
>
> We can do anything we want for our LDAP implementation. This doesn't
> mean that the SPI should have special support methods and interfaces for
> synchronization and import.
>
I'd say migrating from one provider to the built-in provider (or even a
different provider) is something that shouldn't be done by the provider
themselves, but rather some sort of migration manager util.
>
> Bill
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160819/ed0fc477/attachment.html
More information about the keycloak-dev
mailing list