[keycloak-dev] User SPI
Muein Muzamil
shmuein+keycloak-dev at gmail.com
Mon Nov 21 19:40:25 EST 2016
Hi all,
A gentle reminder to my query regarding User SPI.
Regards,
Muein
On Wed, Nov 16, 2016 at 6:52 PM, Muein Muzamil <
shmuein+keycloak-dev at gmail.com> wrote:
> Hi all,
>
> We have implemented custom authenticators to integrate with an external
> authentication API. After successful authentication, the API returns user
> attributes back. Right now we save this user into DB as shown below, which
> works well.
>
> user = userFederationManager.addUser(context.getRealm(), username)
> user.setEnabled(true);
>
> mapUserAttributesToUserModel(user, userAttributes);
>
> context.setUser(user);
>
>
> We have some privacy and security related requirements because we which we
> don't want to store user information in KeyCloak database for a longer
> period. We were thinking to implement some scheduled job to clean up user
> data from KeyCloak database but I noticed that in KeyCloak 2.3 new User SPI
> is introduced which allows users to be pull in without sync in user into
> KeyCloak database.
>
> 1. So I was wondering how can I use this SPI to avoid storing user
> data in DB.
> 2. Can I imagine sticking user information in session and returning
> user information from User SPI?
> 3. Do we have any sample implementations or documentation available
> for User SPI?
>
> Regards,
> Muein
>
More information about the keycloak-dev
mailing list