[keycloak-user] Roles Integration

Stian Thorgersen stian at redhat.com
Tue Jun 17 07:33:17 EDT 2014 

Currently we don't support importing users into an existing realm, but you can import a complete realm config including users.

Have a look at https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/resources/testrealm.json. This includes the realm, a few apps/clients, roles, scope mappings, users and user role mappings. You can import this either by running keycloak with -Dkeycloak.import=<path to json file> or through the admin console by selecting add realm and using the upload option.

It will only work if the realm doesn't already exist, and it's not very efficient at the moment (everything is loaded into memory and written to the db in one transaction).

----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "Bill Burke" <bburke at redhat.com>, keycloak-user at lists.jboss.org
> Sent: Tuesday, 17 June, 2014 12:23:08 PM
> Subject: Re: [keycloak-user] Roles Integration
> 
> That would be really awesome, thanks :)
> 
> But just for now, could you tell me how to do it with the JSON like you
> previously suggested? That way I can import a sample of my users in my dev
> environment so I can keep on testing it out.
> 
> 
> On Tue, Jun 17, 2014 at 6:12 AM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> > We're currently working on performance testing and need to investigate how
> > Keycloak handles with large amounts of users. We'll also look at importing
> > such a large amount of users into the db.
> >
> > We'll look at this over the next week and get back to you :)
> >
> > ----- Original Message -----
> > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> > > To: "Bill Burke" <bburke at redhat.com>
> > > Cc: keycloak-user at lists.jboss.org
> > > Sent: Monday, 16 June, 2014 8:21:06 PM
> > > Subject: Re: [keycloak-user] Roles Integration
> > >
> > > Just to be more specific, our mapping here is really simple.
> > >
> > > We have 1 table with the users, one with the roles, and a third one that
> > maps
> > > them both together.
> > >
> > > Thank you for trying to help!
> > >
> > >
> > > On Mon, Jun 16, 2014 at 12:44 PM, Rodrigo Sasaki <
> > rodrigopsasaki at gmail.com >
> > > wrote:
> > >
> > >
> > >
> > > They are all stored in a table on a RDBMS
> > >
> > >
> > > On Mon, Jun 16, 2014 at 12:34 PM, Bill Burke < bburke at redhat.com >
> > wrote:
> > >
> > >
> > > These 20 Million users: Are they stored in a RDBMS? LDAP?
> > >
> > > On 6/16/2014 11:28 AM, Bill Burke wrote:
> > > > Nice! You will be a great reference for us. We'll make it happen.
> > > > Just remind us of this every time we're lax answering your questions :)
> > > >
> > > > On 6/16/2014 10:44 AM, Rodrigo Sasaki wrote:
> > > >> We have about 15 roles and over 20 million users
> > > >>
> > > >>
> > > >> On Mon, Jun 16, 2014 at 11:32 AM, Stian Thorgersen < stian at redhat.com
> > > >> <mailto: stian at redhat.com >> wrote:
> > > >>
> > > >>
> > > >>
> > > >> ----- Original Message -----
> > > >> > From: "Rodrigo Sasaki" < rodrigopsasaki at gmail.com
> > > >> <mailto: rodrigopsasaki at gmail.com >>
> > > >> > To: "Stian Thorgersen" < stian at redhat.com <mailto: stian at redhat.com
> > >>
> > > >> > Cc: keycloak-user at lists.jboss.org
> > > >> <mailto: keycloak-user at lists.jboss.org >
> > > >> > Sent: Monday, 16 June, 2014 3:27:43 PM
> > > >> > Subject: Re: [keycloak-user] Roles Integration
> > > >> >
> > > >> > That's an interesting suggestion, but how would I do that if the
> > > >> databases
> > > >> > are very different?
> > > >> >
> > > >> > Just remembering that I want to integrate the user role mappings,
> > > >> and not
> > > >> > just the roles themselves.
> > > >>
> > > >> Makes sense, roles are not worth much if no users have mappings to
> > > >> them ;)
> > > >>
> > > >> >
> > > >> > Should I create a JSON from my database following a specific
> > > >> format to
> > > >> > import it into Keycloak?
> > > >>
> > > >> Yes, that's the idea. Roughly how many users and roles do you have?
> > > >>
> > > >> >
> > > >> >
> > > >> > On Mon, Jun 16, 2014 at 6:01 AM, Stian Thorgersen
> > > >> < stian at redhat.com <mailto: stian at redhat.com >> wrote:
> > > >> >
> > > >> > > The only way to do that at the moment would be to import the
> > > >> data into the
> > > >> > > Keycloak database. The easiest way to do this would be to
> > > >> export your
> > > >> > > database to json and import into Keycloak.
> > > >> > >
> > > >> > > If this is something you want to do, let me know and we can
> > > >> give you some
> > > >> > > instructions, maybe also an example, on how to do this.
> > > >> > >
> > > >> > > ----- Original Message -----
> > > >> > > > From: "Rodrigo Sasaki" < rodrigopsasaki at gmail.com
> > > >> <mailto: rodrigopsasaki at gmail.com >>
> > > >> > > > To: keycloak-user at lists.jboss.org
> > > >> <mailto: keycloak-user at lists.jboss.org >
> > > >> > > > Sent: Friday, 13 June, 2014 3:39:55 PM
> > > >> > > > Subject: [keycloak-user] Roles Integration
> > > >> > > >
> > > >> > > > Hi,
> > > >> > > >
> > > >> > > > I needed to migrate accounts from an old database to
> > > >> authenticate with
> > > >> > > > Keycloak, and I implemented my own provider of the
> > > >> Authentication SPI,
> > > >> > > which
> > > >> > > > worked fine.
> > > >> > > >
> > > >> > > > Now what should I do if I need to migrate the roles from
> > > >> those accounts
> > > >> > > > aswell? Is there a suggested flow that I should follow?
> > > >> > > >
> > > >> > > > Thanks,
> > > >> > > >
> > > >> > > > --
> > > >> > > > Rodrigo Sasaki
> > > >> > > >
> > > >> > > > _______________________________________________
> > > >> > > > keycloak-user mailing list
> > > >> > > > keycloak-user at lists.jboss.org
> > > >> <mailto: keycloak-user at lists.jboss.org >
> > > >> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >> > >
> > > >> >
> > > >> >
> > > >> >
> > > >> > --
> > > >> > Rodrigo Sasaki
> > > >> >
> > > >>
> > > >>
> > > >>
> > > >>
> > > >> --
> > > >> Rodrigo Sasaki
> > > >>
> > > >>
> > > >> _______________________________________________
> > > >> keycloak-user mailing list
> > > >> keycloak-user at lists.jboss.org
> > > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >>
> > > >
> > >
> > > --
> > > Bill Burke
> > > JBoss, a division of Red Hat
> > > http://bill.burkecentral.com
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> 
> 
> 
> --
> Rodrigo Sasaki
>

More information about the keycloak-user mailing list