<div dir="ltr">I guess in certain situations this can be helpful. It doesn&#39;t solve the problem though so we need something smarter at some point, but we don&#39;t have the time to do it right now so would have to be for 2.x.</div><div class="gmail_extra"><br><div class="gmail_quote">On 14 December 2015 at 21:21, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div>I think yes. It should be quite easy to
      change the signature of KeycloakTransactionManager methods. Just
      waiting if other team members agree and then we can possibly
      change fix version of <a href="https://issues.jboss.org/browse/KEYCLOAK-1075" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-1075</a>
      to 1.8 and do it for this release.<span class="HOEnZb"><font color="#888888"><br>
      <br>
      Marek</font></span><div><div class="h5"><br>
      <br>
      On 14/12/15 17:15, Jorge M. wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <p dir="ltr">I agree. I think that could solve these issues. Is
        that something that can go on a near release?</p>
      <p dir="ltr">Thank you</p>
      <div class="gmail_quote">On 11 Dec 2015 12:15, &quot;Vlastimil Elias&quot;
        &lt;<a href="mailto:velias@redhat.com" target="_blank">velias@redhat.com</a>&gt;
        wrote:<br type="attribution">
        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div text="#000000" bgcolor="#FFFFFF"> <br>
            <br>
            <div>On 11.12.2015 12:19, Marek Posolda wrote:<br>
            </div>
            <blockquote type="cite">
              <div>I think what we can possibly do is:<br>
                <br>
                1) Improve KeycloakTransactionManager to allow enlist
                with &quot;priority&quot; . Instead of methods:<br>
                <br>
                void enlist(KeycloakTransaction transaction);<br>
                void enlistAfterCompletion(KeycloakTransaction
                transaction);<br>
                <br>
                we will have single method:<br>
                <br>
                void enlist(KeycloakTransaction transaction, int
                priority);<br>
                <br>
                By default, JPA will enlist transaction with priority 10
                and infinispan with priority 20 or something like that.<br>
                <br>
                This change will allow to enlist your transaction in
                your FederationProvider with exact priority. So you can
                choose whether the commit will happen before JPA
                commit, or after JPA commit or even after infinispan
                commit etc.<br>
                <br>
              </div>
            </blockquote>
            <br>
            +1, this may help to resolve current problems<br>
            <br>
            <blockquote type="cite">
              <div> 2) Make TxAwareLDAPUserModelDelegate class more
                generic and reusable for other federation providers<br>
              </div>
            </blockquote>
            <br>
            may also help, but point 1 with correct documentation is
            the main thing we have to do<br>
            <br>
            Thanks<br>
            <br>
            Vlastimil<br>
            <br>
            <blockquote type="cite">
              <div> <br>
                Marek<span style="background-color:#e4e4ff"><br>
                  <br>
                </span> On 11/12/15 10:50, Vlastimil Elias wrote:<br>
              </div>
              <blockquote type="cite"> Hi,<br>
                <br>
                I use similar approach and problem is (at least I think)
                that local DB transaction is already committed when our
                code runs. It has two negative effects:<br>
                - if remote service call is successful you are not able
                to write anything locally as Jorge mentioned<br>
                - if remote service call fails local DB record is
                committed already and it is hard to implement correct
                error handling<br>
                <br>
                So I think User Federation SPI should be extended by
                exact method which allows atomic call of backend during
                user creation or update before local transaction is
                committed. I already created issue for it but not
                resolved yet <a href="https://issues.jboss.org/browse/KEYCLOAK-1075" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-1075</a><br>
                <br>
                Vlastimil<br>
                <br>
                <div>On 10.12.2015 18:49, Jorge M. wrote:<br>
                </div>
                <blockquote type="cite">
                  <p dir="ltr">Hi,</p>
                  <p dir="ltr">I think I&#39;m in the right track now. I&#39;m
                    being able to call the webservice before commit.
                    However, when the user is successfully created by the
                    webservice, I need to update my local user to add a
                    property with the external user id. How can I do
                    that in the same transaction?<br>
                    I&#39;m trying to set the property on the managed
                    delegate user model, but it has no effect.</p>
                  <p dir="ltr">Thank you!</p>
                  <div class="gmail_quote">On 9 Dec 2015 18:39, &quot;Marek
                    Posolda&quot; &lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;
                    wrote:<br type="attribution">
                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div text="#000000" bgcolor="#FFFFFF">
                        <div>On 09/12/15 19:33, Jorge M. wrote:<br>
                        </div>
                        <blockquote type="cite">
                          <p dir="ltr">I&#39;m developing a custom
                            federation that communicates with my user
                            repository via webservices. <br>
                            Probably this is a very strange scenario for
                            a federation but that&#39;s the unique way that
                            I have to communicate with the repository.</p>
                          <p dir="ltr">My problem is that, as the
                            webservices only exposes methods such as
                            createUser and updateUser, I&#39;m having
                            problems with registrations and user profile
                            updates because I&#39;m not being able to do
                            atomic calls to the webservice methods, with
                            all the information that I need.</p>
                          <p dir="ltr">As far as I know, from the
                            properties file example and from the ldap
                            federation source (probably I&#39;m missing
                            something) it seems that the federation api
                            is intended to update and sync attribute by
                            attribute (Keycloak &lt;-&gt; Federation). <br>
                            Am I wrong? Do you suggest another approach?
                            Should I give up from having a federation
                            that uses a webservice?</p>
                        </blockquote>
                        You can use &quot;transaction wrapper&quot;, which will
                        allow you to store all the updates to user
                        locally, but send the UPDATE request to your
                        webservice later at transaction commit time. You
                        may need to create custom transaction and enlist
                        it with Keycloak TransactionManager. <br>
                        <br>
                        This is what we have for LDAP federation
                        provider right now. See <span style="background-color:#e4e4ff">TxAwareLDAPUserModelDelegate.</span>
                        <br>
                        <br>
                        Marek<br>
                        <blockquote type="cite">
                          <p dir="ltr">Thank you.</p>
                          <br>
                          <fieldset></fieldset>
                          <br>
                          <pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
                        </blockquote>
                        <br>
                      </div>
                    </blockquote>
                  </div>
                </blockquote>
                <br>
                <pre cols="72">-- 
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
              </blockquote>
              <br>
            </blockquote>
            <br>
            <pre cols="72">-- 
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div>
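Added example, not part of the original thread and not Keycloak code: a sketch of the enlist-with-priority proposal quoted above, showing that a federation transaction enlisted ahead of JPA lets a failed remote call roll back the local store before it is committed. `Tx`, `PriorityTxManager` and `named` are hypothetical stand-ins; priorities 10 and 20 are the defaults suggested in the thread, and priority 5 and the failing web service are constructed.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
public class PriorityEnlistSketch {
    // Simplified stand-in for KeycloakTransaction (hypothetical, reduced to two methods).
    interface Tx { void commit(); void rollback(); }

    // Hypothetical manager implementing the proposed enlist(transaction, priority).
    static class PriorityTxManager {
        private record Entry(int priority, Tx tx) {}
        private final List<Entry> entries = new ArrayList<>();
        void enlist(Tx tx, int priority) { entries.add(new Entry(priority, tx)); }
        // Commit in ascending priority; on failure roll back everything not yet committed.
        void commit() {
            List<Entry> ordered = new ArrayList<>(entries);
            ordered.sort(Comparator.comparingInt(Entry::priority));
            for (int i = 0; i < ordered.size(); i++) {
                try {
                    ordered.get(i).tx().commit();
                } catch (RuntimeException e) {
                    for (int j = i; j < ordered.size(); j++) {
                        ordered.get(j).tx().rollback();
                    }
                    throw e;
                }
            }
        }
    }

    // Constructed sample participant that records what happened to it.
    static Tx named(String name, boolean failOnCommit, List<String> log) {
        return new Tx() {
            public void commit() {
                if (failOnCommit) throw new IllegalStateException(name + " commit failed");
                log.add(name + ":commit");
            }
            public void rollback() { log.add(name + ":rollback"); }
        };
    }

    public static void main(String[] args) {
        List<String> log = new ArrayList<>();
        PriorityTxManager tm = new PriorityTxManager();
        tm.enlist(named("infinispan", false, log), 20);
        tm.enlist(named("jpa", false, log), 10);
        tm.enlist(named("webservice", true, log), 5); // constructed remote failure
        try { tm.commit(); } catch (IllegalStateException e) { log.add("aborted"); }
        System.out.println(log);
    }
}
```

Enlisting the web service at a priority above 10 instead reproduces the situation Vlastimil describes: JPA has already committed when the remote call fails, so the local record cannot be rolled back.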