[keycloak-user] How to migrate users and roles from in-house storage

Paulo Pires pires at littlebits.cc
Thu Jul 21 07:06:10 EDT 2016 

Something like this should work though:

@GET
@Produces({"application/json"})
@Path("default-roles")
List<RoleRepresentation> getDefaultRoles();

@PUT
@Path("default-roles/{roleId}")
void addDefaultRole(@PathParam("roleId") String roleId);

@DELETE
@Path("default-roles/{roleId}")
void removeDefaultRole(@PathParam("roleId") String roleId);

On Thu, Jul 21, 2016 at 12:03 PM Paulo Pires <pires at littlebits.cc> wrote:

> It's working like a charm :)
>
> Some things I learned:
> * Need to import resteasy deps for keycloak-admin-cli explicitly
> * Methods won't return errors but will throw InvocationTargetException
> (must be checked)
>
> Question: is there a way to set default roles? I can't seem to find it in
> the Java code but it is available through REST.
>
> Thanks,
> Pires
>
> On Thu, Jul 21, 2016 at 8:47 AM Paulo Pires <pires at littlebits.cc> wrote:
>
>> Thank you Bruno, I haven't been able to verify your code but I assume
>> you're sharing it because it works.
>>
>> It seems pretty trivial, awesome!
>>
>> Cheers,
>> Pires
>>
>> On Wed, Jul 20, 2016 at 9:30 PM Bruno Oliveira <bruno at abstractj.org>
>> wrote:
>>
>>> Note sure if it helps, but an example about how to do it
>>> programatically is here[1].
>>>
>>> I just adapted from the admin-client[2].
>>>
>>>
>>> [1] - https://gist.github.com/abstractj/78b127e8c9273cdcea6eb82a1cfc153c
>>> [2] -
>>> https://github.com/keycloak/keycloak/tree/master/examples/admin-client
>>>
>>> On 2016-07-20, Paulo Pires wrote:
>>> > I did check the admin-cli JAR but it's not clear how to add roles and
>>> > users, or if it's even implemented (I did check the REST API and
>>> there's
>>> > endpoints for that).
>>> >
>>> > Thank you very much for clarifying,
>>> > Pires
>>> >
>>> > On Wed, Jul 20, 2016 at 2:52 PM Stian Thorgersen <sthorger at redhat.com>
>>> > wrote:
>>> >
>>> > > Yep, take a look at
>>> > >
>>> https://keycloak.gitbooks.io/server-developer-guide/content/topics/admin-rest-api.html
>>> > >
>>> > > On 20 July 2016 at 15:33, Paulo Pires <pires at littlebits.cc> wrote:
>>> > >
>>> > >> More than 150k. Is there a Java library for the REST api?
>>> > >>
>>> > >> On Jul 20, 2016 13:56, "Stian Thorgersen" <sthorger at redhat.com>
>>> wrote:
>>> > >>
>>> > >>> Depending on the amount of users I'd use either partial import
>>> through
>>> > >>> the admin console (if you don't have more than a thousand or so
>>> users) or
>>> > >>> use the admin REST endpoints if you have quite a lot of users.
>>> > >>>
>>> > >>> On 20 July 2016 at 11:52, Paulo Pires <pires at littlebits.cc> wrote:
>>> > >>>
>>> > >>>> Hi all,
>>> > >>>>
>>> > >>>> I'm in the process of migrating from an in-house user-role
>>> storage to
>>> > >>>> Keycloak and I'm looking for programmatic (Java) ways to migrate
>>> all
>>> > >>>> current users to the new storage. And I need your help to figure
>>> out the
>>> > >>>> best approach.
>>> > >>>>
>>> > >>>> At first, when reading KC documentation, I believed I could easily
>>> > >>>> achieve this by implementing a User Federation provider but after
>>> diving a
>>> > >>>> little more into it, and looking for examples, I can't see a way
>>> to migrate
>>> > >>>> all users on-demand but simply one user at a time, possible
>>> during log-in.
>>> > >>>>
>>> > >>>> Next, I tried and look into ways, such as admin-cli, REST, etc but
>>> > >>>> nothing strikes me as the solution to use.
>>> > >>>>
>>> > >>>> Here's what I was hoping to deliver:
>>> > >>>> * Get all roles and users from my soon-to-be deprecated storage,
>>> e.g.
>>> > >>>> MySQL tables
>>> > >>>> * Add roles to KC
>>> > >>>> * Iterate users and add user to KC + map roles + update password
>>> hashes
>>> > >>>> (here I know I need to implement a HashProvider)
>>> > >>>>
>>> > >>>> Any hints will be appreciated!
>>> > >>>>
>>> > >>>> Pires
>>> > >>>>
>>> > >>>> _______________________________________________
>>> > >>>> keycloak-user mailing list
>>> > >>>> keycloak-user at lists.jboss.org
>>> > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> > >>>>
>>> > >>>
>>> > >>>
>>> > >
>>>
>>> > _______________________________________________
>>> > keycloak-user mailing list
>>> > keycloak-user at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160721/2b5f9919/attachment.html

More information about the keycloak-user mailing list