[keycloak-user] How to migrate users and roles from in-house storage

Bruno Oliveira bruno at abstractj.org
Wed Jul 20 16:30:18 EDT 2016 

Note sure if it helps, but an example about how to do it
programatically is here[1].

I just adapted from the admin-client[2].


[1] - https://gist.github.com/abstractj/78b127e8c9273cdcea6eb82a1cfc153c
[2] - https://github.com/keycloak/keycloak/tree/master/examples/admin-client

On 2016-07-20, Paulo Pires wrote:
> I did check the admin-cli JAR but it's not clear how to add roles and
> users, or if it's even implemented (I did check the REST API and there's
> endpoints for that).
>
> Thank you very much for clarifying,
> Pires
>
> On Wed, Jul 20, 2016 at 2:52 PM Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
> > Yep, take a look at
> > https://keycloak.gitbooks.io/server-developer-guide/content/topics/admin-rest-api.html
> >
> > On 20 July 2016 at 15:33, Paulo Pires <pires at littlebits.cc> wrote:
> >
> >> More than 150k. Is there a Java library for the REST api?
> >>
> >> On Jul 20, 2016 13:56, "Stian Thorgersen" <sthorger at redhat.com> wrote:
> >>
> >>> Depending on the amount of users I'd use either partial import through
> >>> the admin console (if you don't have more than a thousand or so users) or
> >>> use the admin REST endpoints if you have quite a lot of users.
> >>>
> >>> On 20 July 2016 at 11:52, Paulo Pires <pires at littlebits.cc> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> I'm in the process of migrating from an in-house user-role storage to
> >>>> Keycloak and I'm looking for programmatic (Java) ways to migrate all
> >>>> current users to the new storage. And I need your help to figure out the
> >>>> best approach.
> >>>>
> >>>> At first, when reading KC documentation, I believed I could easily
> >>>> achieve this by implementing a User Federation provider but after diving a
> >>>> little more into it, and looking for examples, I can't see a way to migrate
> >>>> all users on-demand but simply one user at a time, possible during log-in.
> >>>>
> >>>> Next, I tried and look into ways, such as admin-cli, REST, etc but
> >>>> nothing strikes me as the solution to use.
> >>>>
> >>>> Here's what I was hoping to deliver:
> >>>> * Get all roles and users from my soon-to-be deprecated storage, e.g.
> >>>> MySQL tables
> >>>> * Add roles to KC
> >>>> * Iterate users and add user to KC + map roles + update password hashes
> >>>> (here I know I need to implement a HashProvider)
> >>>>
> >>>> Any hints will be appreciated!
> >>>>
> >>>> Pires
> >>>>
> >>>> _______________________________________________
> >>>> keycloak-user mailing list
> >>>> keycloak-user at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>
> >>>
> >>>
> >

> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


--

abstractj
PGP: 0x84DC9914

More information about the keycloak-user mailing list