[keycloak-user] How to migrate users and roles from in-house storage

Paulo Pires pires at littlebits.cc
Thu Jul 21 07:13:44 EDT 2016 

I went ahead, cowboy style and opened a PR for it
https://github.com/keycloak/keycloak/pull/3056

Couldn't find tests so didn't add any.

Pires

On Thu, Jul 21, 2016 at 12:06 PM Paulo Pires <pires at littlebits.cc> wrote:

> Something like this should work though:
>
> @GET
> @Produces({"application/json"})
> @Path("default-roles")
> List<RoleRepresentation> getDefaultRoles();
>
> @PUT
> @Path("default-roles/{roleId}")
> void addDefaultRole(@PathParam("roleId") String roleId);
>
> @DELETE
> @Path("default-roles/{roleId}")
> void removeDefaultRole(@PathParam("roleId") String roleId);
>
> On Thu, Jul 21, 2016 at 12:03 PM Paulo Pires <pires at littlebits.cc> wrote:
>
>> It's working like a charm :)
>>
>> Some things I learned:
>> * Need to import resteasy deps for keycloak-admin-cli explicitly
>> * Methods won't return errors but will throw InvocationTargetException
>> (must be checked)
>>
>> Question: is there a way to set default roles? I can't seem to find it in
>> the Java code but it is available through REST.
>>
>> Thanks,
>> Pires
>>
>> On Thu, Jul 21, 2016 at 8:47 AM Paulo Pires <pires at littlebits.cc> wrote:
>>
>>> Thank you Bruno, I haven't been able to verify your code but I assume
>>> you're sharing it because it works.
>>>
>>> It seems pretty trivial, awesome!
>>>
>>> Cheers,
>>> Pires
>>>
>>> On Wed, Jul 20, 2016 at 9:30 PM Bruno Oliveira <bruno at abstractj.org>
>>> wrote:
>>>
>>>> Note sure if it helps, but an example about how to do it
>>>> programatically is here[1].
>>>>
>>>> I just adapted from the admin-client[2].
>>>>
>>>>
>>>> [1] -
>>>> https://gist.github.com/abstractj/78b127e8c9273cdcea6eb82a1cfc153c
>>>> [2] -
>>>> https://github.com/keycloak/keycloak/tree/master/examples/admin-client
>>>>
>>>> On 2016-07-20, Paulo Pires wrote:
>>>> > I did check the admin-cli JAR but it's not clear how to add roles and
>>>> > users, or if it's even implemented (I did check the REST API and
>>>> there's
>>>> > endpoints for that).
>>>> >
>>>> > Thank you very much for clarifying,
>>>> > Pires
>>>> >
>>>> > On Wed, Jul 20, 2016 at 2:52 PM Stian Thorgersen <sthorger at redhat.com
>>>> >
>>>> > wrote:
>>>> >
>>>> > > Yep, take a look at
>>>> > >
>>>> https://keycloak.gitbooks.io/server-developer-guide/content/topics/admin-rest-api.html
>>>> > >
>>>> > > On 20 July 2016 at 15:33, Paulo Pires <pires at littlebits.cc> wrote:
>>>> > >
>>>> > >> More than 150k. Is there a Java library for the REST api?
>>>> > >>
>>>> > >> On Jul 20, 2016 13:56, "Stian Thorgersen" <sthorger at redhat.com>
>>>> wrote:
>>>> > >>
>>>> > >>> Depending on the amount of users I'd use either partial import
>>>> through
>>>> > >>> the admin console (if you don't have more than a thousand or so
>>>> users) or
>>>> > >>> use the admin REST endpoints if you have quite a lot of users.
>>>> > >>>
>>>> > >>> On 20 July 2016 at 11:52, Paulo Pires <pires at littlebits.cc>
>>>> wrote:
>>>> > >>>
>>>> > >>>> Hi all,
>>>> > >>>>
>>>> > >>>> I'm in the process of migrating from an in-house user-role
>>>> storage to
>>>> > >>>> Keycloak and I'm looking for programmatic (Java) ways to migrate
>>>> all
>>>> > >>>> current users to the new storage. And I need your help to figure
>>>> out the
>>>> > >>>> best approach.
>>>> > >>>>
>>>> > >>>> At first, when reading KC documentation, I believed I could
>>>> easily
>>>> > >>>> achieve this by implementing a User Federation provider but
>>>> after diving a
>>>> > >>>> little more into it, and looking for examples, I can't see a way
>>>> to migrate
>>>> > >>>> all users on-demand but simply one user at a time, possible
>>>> during log-in.
>>>> > >>>>
>>>> > >>>> Next, I tried and look into ways, such as admin-cli, REST, etc
>>>> but
>>>> > >>>> nothing strikes me as the solution to use.
>>>> > >>>>
>>>> > >>>> Here's what I was hoping to deliver:
>>>> > >>>> * Get all roles and users from my soon-to-be deprecated storage,
>>>> e.g.
>>>> > >>>> MySQL tables
>>>> > >>>> * Add roles to KC
>>>> > >>>> * Iterate users and add user to KC + map roles + update password
>>>> hashes
>>>> > >>>> (here I know I need to implement a HashProvider)
>>>> > >>>>
>>>> > >>>> Any hints will be appreciated!
>>>> > >>>>
>>>> > >>>> Pires
>>>> > >>>>
>>>> > >>>> _______________________________________________
>>>> > >>>> keycloak-user mailing list
>>>> > >>>> keycloak-user at lists.jboss.org
>>>> > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> > >>>>
>>>> > >>>
>>>> > >>>
>>>> > >
>>>>
>>>> > _______________________________________________
>>>> > keycloak-user mailing list
>>>> > keycloak-user at lists.jboss.org
>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>> --
>>>>
>>>> abstractj
>>>> PGP: 0x84DC9914
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160721/cb06e7ea/attachment-0001.html

More information about the keycloak-user mailing list