[keycloak-dev] User SPI

[Bill Burke]

Documentation is coming soon in 2.4.1.  Sorry for delay.  Just in the 
middle of porting the LDAP and other providers to new SPI.

https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa

Example needs to be updated to tell you you need to configure ExampleDS 
or KeycloakDS as an xa-datasource.  Wildfly barfs when you two 
datasources in the same transaction and neither are XA enabled.


On 11/21/16 7:40 PM, Muein Muzamil wrote:
> Hi all,
>
> A gentle reminder to my query regarding User SPI.
>
> Regards,
> Muein
>
> On Wed, Nov 16, 2016 at 6:52 PM, Muein Muzamil <
> shmuein+keycloak-dev at gmail.com> wrote:
>
>> Hi all,
>>
>> We have implemented custom authenticators to integrate with an external
>> authentication API. After successful authentication, the API returns user
>> attributes back. Right now we save this user into DB as shown below, which
>> works well.
>>
>> user = userFederationManager.addUser(context.getRealm(), username)
>> user.setEnabled(true);
>>
>> mapUserAttributesToUserModel(user, userAttributes);
>>
>> context.setUser(user);
>>
>>
>> We have some privacy and security related requirements because we which we
>> don't want to store user information in KeyCloak database for a longer
>> period. We were thinking to implement some scheduled job to clean up user
>> data from KeyCloak database but I noticed that in KeyCloak 2.3 new User SPI
>> is introduced which allows users to be pull in without sync in user into
>> KeyCloak database.
>>
>>     1. So I was wondering how can I use this SPI to avoid storing user
>>     data in DB.
>>     2. Can I imagine sticking user information in session and returning
>>     user information from User SPI?
>>     3. Do we have any sample implementations or documentation available
>>     for User SPI?
>>
>> Regards,
>> Muein
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev