[keycloak-user] User federation provider taking care of ID provider links

Marek Posolda mposolda at redhat.com
Fri Jul 8 10:43:56 EDT 2016


On 08/07/16 15:59, Matuszak, Eduard wrote:
> Hello
> I have implemented a (JPA-based) user federation provider that works 
> pretty fine so far. We now want to be able to load the link 
> information to a federated id provider (like google) from the external 
> datasource into the Keycloak’s DB by means of the user federation 
> provider, when the user is initially created in the Keycloak DB via 
> his first login (or via user-synchronization). As far as I could see, the 
> user federation SPI works with a UserModel class which does not care 
> about those attributes. Do you see any chance to set such attributes 
> in a userfederation-implementation?
> One issue is that Keycloak’s user entries are deleted when the 
> userfederation provider fails to connect to the federated resource 
> (not found how to deactivate this behaviour so far). The user entry 
> is recreated after the next login succeeded (OK and fine), but the 
> link to the identity provider is lost (not fine). The other issue is 
> that we want to administer user attributes completely in the federated 
> datasource to reduce complexity of our datamanagement.
It depends on how you implement the methods "isValid" and "validateAndProxy" 
of your UserFederation provider. If you fail to connect, you can 
possibly just return the proxy of the "local" UserModel, which was passed 
as an argument to the methods. But note that then all writes to this 
UserModel won't be updated to your storage, but just to the Keycloak DB.


Btw. There is a UserFederation SPI refactoring in progress and there will 
be updates to this SPI in the next Keycloak versions (2.1 and later)

Marek
> Best regards, Eduard Matuszak

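The fallback described in the reply, as an added sketch that is not code from the thread or from Keycloak: `isValid` and `validateAndProxy` treat "store unreachable" differently from "user not found", so an outage no longer deletes the local user and its identity provider links. `ExternalStore`, `ExternalUser`, `StoreUnavailableException` and `proxy` are hypothetical names, and the sketch assumes the pre-2.1 SPI treats a `null` return from `validateAndProxy` as "user no longer valid".

```java
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserModel;

// Abstract on purpose: only the two methods named in the reply are shown;
// a concrete provider still implements the rest of UserFederationProvider.
public abstract class OutageTolerantFederationProvider implements UserFederationProvider {

    // Hypothetical stand-ins for the JPA-backed datasource (not Keycloak classes).
    public interface ExternalUser { String getUsername(); }
    public interface ExternalStore {
        // Returns null when the user does not exist; throws when the store is unreachable.
        ExternalUser find(String username) throws StoreUnavailableException;
    }
    public static class StoreUnavailableException extends Exception {
        public StoreUnavailableException(String msg, Throwable cause) { super(msg, cause); }
    }

    protected final ExternalStore store;

    protected OutageTolerantFederationProvider(ExternalStore store) { this.store = store; }

    // Hypothetical hook: the provider's usual write-through proxy around the local user.
    protected abstract UserModel proxy(UserModel local, ExternalUser external);

    @Override
    public boolean isValid(RealmModel realm, UserModel local) {
        try {
            // Only a definite "not found" answer invalidates the local entry.
            return store.find(local.getUsername()) != null;
        } catch (StoreUnavailableException e) {
            // Outage: keep the local user. A user removed externally during the
            // outage stays valid in Keycloak until the store is reachable again.
            return true;
        }
    }

    @Override
    public UserModel validateAndProxy(RealmModel realm, UserModel local) {
        try {
            ExternalUser external = store.find(local.getUsername());
            if (external == null) {
                return null; // assumption: null marks the user as no longer valid
            }
            return proxy(local, external);
        } catch (StoreUnavailableException e) {
            // Outage: hand back the local model that was passed in. Writes made
            // through it reach only the Keycloak DB, not the external storage.
            return local;
        }
    }
}
```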