[keycloak-user] Migrating Users Database

Rodrigo Sasaki rodrigopsasaki at gmail.com
Mon May 19 12:05:28 EDT 2014 

I have done most of what you mentioned, although I didn't find the
"Settings and Authentication" part on the Realm Settings. I couldn't add
the new provider to it like you said, and the version I'm using is the one
available on the github repo.

Also I saw that I should probably implement a RealmAdapter aswell, to
provide access to my table structure, is that correct? If so, how should I
configure Keycloak to use my adapter to find users, and not it's default
one? Or at least not only it's default one


On Fri, May 16, 2014 at 4:50 AM, Stian Thorgersen <stian at redhat.com> wrote:

> We will add some documentation to this soon, but you basically need to:
>
> - Implement
> https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java
> - Implement
> https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java
> - Add a
> 'META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory'
> that contains the fully qualified name of your
> AuthenticationProviderFactory implementation
>
> Build as a JAR and drop into
> keycloak/standalone/deployments/auth-server.war/WEB-INF/lib.
>
> Start the server, open the admin console, navigate to realm settings and
> authentication. Click Add Provider and it should now have your new
> provider. Add it to the realm.
>
> It will now use your provider to authenticate users.
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> > To: "Bill Burke" <bburke at redhat.com>
> > Cc: keycloak-user at lists.jboss.org
> > Sent: Thursday, 15 May, 2014 7:30:00 PM
> > Subject: Re: [keycloak-user] Migrating Users Database
> >
> > By the way, do you have further information regarding that SPI you
> mentioned?
> >
> > I was looking at the source code but I couldn't derive much from it, I
> don't
> > know exactly how I should implement my own provider, and how do I tell
> > keycloak to use mine instead of its own.
> >
> >
> > On Thu, May 15, 2014 at 11:05 AM, Rodrigo Sasaki <
> rodrigopsasaki at gmail.com >
> > wrote:
> >
> >
> >
> > That's quite alright at the moment.
> >
> > We have seen the roadmap and if it stays around the announced dates,
> there
> > shouldn't be a problem for us here.
> >
> >
> > On Thu, May 15, 2014 at 11:03 AM, Bill Burke < bburke at redhat.com >
> wrote:
> >
> >
> > FYI, Keycloak will be very slow until we start our performance work
> > (scheduled for Beta-2). Right now, every login/logout/token action is
> > all DB hits. We don't cache anything at the moment!
> >
> > On 5/15/2014 7:02 AM, Rodrigo Sasaki wrote:
> > > I am very interested in importing the whole database. It seems to be
> the
> > > cleanest way to do what we want to do here, and migrate to keycloak
> > > completely.
> > >
> > > Are there any guidelines on how to do this? Nonetheless I will look
> into
> > > the SPI you mentioned, might come in handy sometime.
> > >
> > >
> > > On Thu, May 15, 2014 at 5:13 AM, Stian Thorgersen < stian at redhat.com
> > > <mailto: stian at redhat.com >> wrote:
> > >
> > > At the moment we have an Authentication SPI that will let you easily
> > > authenticate users with your existing database of users. The first
> > > time a new user logs in using this approach a user will be pulled in
> > > to the Keycloak database. There's no documentation for this feature
> > > yet, but look at the SPI at
> > >
> https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api
> > > and the implementation that uses the Keycloak model itself to
> > > authenticate at
> > >
> https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model
> > > .
> > >
> > > In the future we plan to provide a Sync SPI that will take this one
> > > step further and let you sync users (and roles) to/from an existing
> > > database.
> > >
> > > However, if you plan to completely replace your current
> > > authentication system the cleanest solution may be to import your
> > > current user database into Keycloak once and for all. If you're
> > > interested in this approach let me know.
> > >
> > > ----- Original Message -----
> > > > From: "Rodrigo Sasaki" < rodrigopsasaki at gmail.com
> > > <mailto: rodrigopsasaki at gmail.com >>
> > > > To: keycloak-user at lists.jboss.org
> > > <mailto: keycloak-user at lists.jboss.org >
> > > > Sent: Wednesday, 14 May, 2014 8:52:07 PM
> > > > Subject: [keycloak-user] Migrating Users Database
> > > >
> > > > Hi,
> > > >
> > > > I'm trying to replace my current authentication system with
> > > Keycloak, but I
> > > > have one problem. I already have a database of users, populated with
> > > > millions of records, and I wanted to make it work with Keycloak.
> > > >
> > > > What would be the best approach on this scenario? Should I
> > > migrate everything
> > > > to the Keycloak tables, or try to make Keycloak understand my current
> > > > database?
> > > >
> > > > Is there any recommendation on this matter? And if there is, some
> > > explanation
> > > > or documentation?
> > > >
> > > > Thanks!
> > > >
> > > > --
> > > > Rodrigo Sasaki
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org <mailto: keycloak-user at lists.jboss.org>
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
Rodrigo Sasaki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140519/63b06ecb/attachment-0001.html

More information about the keycloak-user mailing list