[keycloak-user] Migrating custom user database to Keycloak
Marek Posolda
mposolda at redhat.com
Mon May 11 05:26:07 EDT 2015
On 8.5.2015 17:16, Anton Hughes wrote:
> Thanks Stian
> On Fri, May 8, 2015 at 7:17 AM, Stian Thorgersen <stian at redhat.com
> <mailto:stian at redhat.com>> wrote:
>
>
> Yes, you've got two options atm:
>
> * Export your users to a json file and import into Keycloak - in
> the future we want to be able to import users into existing realm,
> but currently you have to create a new realm
>
> Its no problem creating a realm. Is there an example of importing
> users from a json file? Or can you point me to documentation for this?
You can see some documentation for export/import here
http://docs.jboss.org/keycloak/docs/1.2.0.CR1/userguide/html/export-import.html
. You can first try to create some example realm with few users, then
export it and then re-import it to see how it works and what is the
format of the file.
However the tricky part for migrating users from external system to
Keycloak DB are user passwords. You will be able to import user
passwords to Keycloak DB just if you know them in plain-text or if you
use PBKDF2 for store them in your current DB like we are using in
Keycloak. In this case you will need to add hash + salt + number of
iterations (you will need to know these from your DB) for each user
password similarly like you can see in the file previously exported from
Keycloak DB.
That's why using federation and implement your FederationProvider might
be better approach.
Marek
>
> * Use the admin rest api (or java admin client) to import users
>
> Thanks again
>
>
>
> --
> *
>
>
> *
>
> ****
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150511/f56e9ba9/attachment.html
More information about the keycloak-user
mailing list