[keycloak-user] Migrating Users Database

Stian Thorgersen stian at redhat.com
Fri May 16 03:50:30 EDT 2014 

We will add some documentation to this soon, but you basically need to:

- Implement https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java
- Implement https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java
- Add a 'META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory' that contains the fully qualified name of your AuthenticationProviderFactory implementation

Build as a JAR and drop into keycloak/standalone/deployments/auth-server.war/WEB-INF/lib.

Start the server, open the admin console, navigate to realm settings and authentication. Click Add Provider and it should now have your new provider. Add it to the realm.

It will now use your provider to authenticate users.

----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Thursday, 15 May, 2014 7:30:00 PM
> Subject: Re: [keycloak-user] Migrating Users Database
> 
> By the way, do you have further information regarding that SPI you mentioned?
> 
> I was looking at the source code but I couldn't derive much from it, I don't
> know exactly how I should implement my own provider, and how do I tell
> keycloak to use mine instead of its own.
> 
> 
> On Thu, May 15, 2014 at 11:05 AM, Rodrigo Sasaki < rodrigopsasaki at gmail.com >
> wrote:
> 
> 
> 
> That's quite alright at the moment.
> 
> We have seen the roadmap and if it stays around the announced dates, there
> shouldn't be a problem for us here.
> 
> 
> On Thu, May 15, 2014 at 11:03 AM, Bill Burke < bburke at redhat.com > wrote:
> 
> 
> FYI, Keycloak will be very slow until we start our performance work
> (scheduled for Beta-2). Right now, every login/logout/token action is
> all DB hits. We don't cache anything at the moment!
> 
> On 5/15/2014 7:02 AM, Rodrigo Sasaki wrote:
> > I am very interested in importing the whole database. It seems to be the
> > cleanest way to do what we want to do here, and migrate to keycloak
> > completely.
> > 
> > Are there any guidelines on how to do this? Nonetheless I will look into
> > the SPI you mentioned, might come in handy sometime.
> > 
> > 
> > On Thu, May 15, 2014 at 5:13 AM, Stian Thorgersen < stian at redhat.com
> > <mailto: stian at redhat.com >> wrote:
> > 
> > At the moment we have an Authentication SPI that will let you easily
> > authenticate users with your existing database of users. The first
> > time a new user logs in using this approach a user will be pulled in
> > to the Keycloak database. There's no documentation for this feature
> > yet, but look at the SPI at
> > https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api
> > and the implementation that uses the Keycloak model itself to
> > authenticate at
> > https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model
> > .
> > 
> > In the future we plan to provide a Sync SPI that will take this one
> > step further and let you sync users (and roles) to/from an existing
> > database.
> > 
> > However, if you plan to completely replace your current
> > authentication system the cleanest solution may be to import your
> > current user database into Keycloak once and for all. If you're
> > interested in this approach let me know.
> > 
> > ----- Original Message -----
> > > From: "Rodrigo Sasaki" < rodrigopsasaki at gmail.com
> > <mailto: rodrigopsasaki at gmail.com >>
> > > To: keycloak-user at lists.jboss.org
> > <mailto: keycloak-user at lists.jboss.org >
> > > Sent: Wednesday, 14 May, 2014 8:52:07 PM
> > > Subject: [keycloak-user] Migrating Users Database
> > > 
> > > Hi,
> > > 
> > > I'm trying to replace my current authentication system with
> > Keycloak, but I
> > > have one problem. I already have a database of users, populated with
> > > millions of records, and I wanted to make it work with Keycloak.
> > > 
> > > What would be the best approach on this scenario? Should I
> > migrate everything
> > > to the Keycloak tables, or try to make Keycloak understand my current
> > > database?
> > > 
> > > Is there any recommendation on this matter? And if there is, some
> > explanation
> > > or documentation?
> > > 
> > > Thanks!
> > > 
> > > --
> > > Rodrigo Sasaki
> > > 
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org <mailto: keycloak-user at lists.jboss.org >
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> > 
> > 
> > 
> > --
> > Rodrigo Sasaki
> > 
> > 
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> 
> --
> Rodrigo Sasaki
> 
> 
> 
> --
> Rodrigo Sasaki
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list