<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 18 August 2016 at 20:30, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
On 8/18/16 4:59 AM, Stian Thorgersen wrote:<br>
> Bill,<br>
><br>
> Are you planing to have an option to allow import of users with the<br>
> new user federation SPI? I'm not convinced we should completely remove<br>
> this option.<br>
><br>
<br>
</span>The only callback that does not exist in the new SPI is<br>
validateAndProxy(). With the current federation SPI, the developer<br>
implements everything themselves for import. There are no<br>
synchronization APIs/SPIs either.<br>
<span class="">> Some use-cases I could imagine:<br>
><br>
> * Allow users to authenticate even if LDAP server is down<br>
</span>Our current LDAP provider will not work if LDAP is down, even with the<br>
import :)<br>
<span class=""><br>
<br>
> * Allow migrating users away from LDAP<br>
<br>
</span>We can do anything we want for our LDAP implementation. This doesn't<br>
mean that the SPI should have special support methods and interfaces for<br>
synchronization and import.<br></blockquote><div><br></div><div>I'd say migrating from one provider to the built-in provider (or even a different provider) is something that shouldn't be done by the provider themselves, but rather some sort of migration manager util.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Bill<br>
<br>
______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-dev</a><br>
</blockquote></div><br></div></div>