[keycloak-user] Keycloak JPA UserFederation Adapter in multiple realms with different Datasource names

Juan Pablo Perata jpperata at gmail.com
Fri Sep 21 21:58:54 EDT 2018


Hi,
Thank you for the code. I have such a requirement and am making some changes
to adapt user federation to work with multiple realms and different
datasources.

Is it possible for you to share the code for CustomUserStorageProvider? I
suppose it is similar to the Keycloak JPA provider sample but without injection
of the Entity Manager; it is received from the create method in the factory.

Perhaps something can be done with CDI or a Producer, I will give it a try.

Regards,
Juan

On Sat, Feb 10, 2018 at 09:41, Niels Bertram <nielsbne at gmail.com>
wrote:

> Hi Marek,
>
> using an application managed EntityManagerFactory appears to be working. I
> created a UserStorageProviderFactory that is managing an entity manager
> factory and when I use the entity manager in the UserStorageProvider the
> transaction is managed by the container transaction manager that also
> manages the Keycloak transactions. Why am I certain about that? Had a few
> errors in the beginning about 2 datasources trying to enroll as last
> resort.
>
> The main ingredients in this gist.
>
> https://gist.github.com/bertramn/cbc4eec5e7b13e28099f4165a0c15b29
>
>
> The trick is to tell hibernate
> <https://gist.github.com/bertramn/cbc4eec5e7b13e28099f4165a0c15b29#file-customuserstorageproviderfactory-java-L117>
> where to get the JTA platform transaction manager from.
>
> Does that look about right? I have a feeling it could be simplified with
> some CDI magic ...
>
> Cheers Niels
>
>
> On Sat, Feb 10, 2018 at 12:26 AM, Niels Bertram <nielsbne at gmail.com>
> wrote:
>
> > Yes studied that one before asking the question, it's close but not close
> > enough. I think I will get away with creating an application managed
> > persistence context with container managed transaction. Then in the
> > provider factory I will read the DataSource name from config and create the
> > entity transaction manager. Am just not too sure if it'll work with the
> > things you do in Keycloak to access these provider EJBs. I kinda need 1
> > stateful session bean for each provider instance added to the realm and
> > that needs its own EntityManagerFactory which enrolls the entity manager in
> > the JTA from Keycloak. Will report back if I can get something working.
> > Thanks Niels
> >
> > On Sat, Feb 10, 2018 at 12:18 AM, Marek Posolda <mposolda at redhat.com>
> > wrote:
> >
> >> I suggest looking at this example:
> >> https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa
> >>
> >> AFAIK it's probably the closest thing to your use case, which we have.
> >>
> >> Marek
> >>
> >> On 8.2.2018 at 17:49, Niels Bertram wrote:
> >>
> >>> Hi there,
> >>>
> >>> We have a requirement to set the JNDI datasource name on a UserFederation
> >>> provider when added to a realm to support connecting different realms in
> >>> the same Keycloak server to different databases. Been through the
> >>> examples and read a few emails from around 2016 in the developer list but
> >>> do not find anyone who'd actually done this before. We could create a user
> >>> managed EntityManagerFactory within the federation provider factory but the
> >>> question is then how can we inject it into the container context and
> >>> enlist our transactions in the JTA?
> >>>
> >>> Has anyone ever had to implement something like that?
> >>>
> >>> Cheers,
> >>> Niels
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >>
> >>
> >>
> >
>
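
The approach discussed in this thread, sketched as an added example (not code from the linked gist or from the Keycloak project): one application-managed EntityManagerFactory per federation component, each pointed at its own JTA datasource. The class name, the persistence unit name, the `java:` prefix check and the choice of `JBossAppServerJtaPlatform` are assumptions for a WildFly-hosted deployment.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;

/** Hypothetical helper: caches one EntityManagerFactory per user-federation component. */
public class PerComponentEntityManagerFactories implements AutoCloseable {

    // Assumption: a persistence unit with this name is declared in META-INF/persistence.xml.
    static final String UNIT_NAME = "user-storage-example";
    // Assumption: Hibernate on WildFly/JBoss; other containers need a different JtaPlatform.
    static final String JTA_PLATFORM =
        "org.hibernate.engine.transaction.jta.platform.internal.JBossAppServerJtaPlatform";

    private final Map<String, EntityManagerFactory> byComponent = new ConcurrentHashMap<>();

    /** Settings that override persistence.xml for one provider instance. */
    static Map<String, Object> overridesFor(String jndiName) {
        // The name comes from realm admin configuration, so reject anything that is
        // not a container JNDI name before handing it to the persistence provider.
        if (jndiName == null || !jndiName.startsWith("java:")) {
            throw new IllegalArgumentException("datasource must be a java: JNDI name");
        }
        Map<String, Object> props = new HashMap<>();
        props.put("javax.persistence.transactionType", "JTA");
        props.put("javax.persistence.jtaDataSource", jndiName);
        // Tells Hibernate where to find the container transaction manager, so entity
        // managers from this factory can enlist in the container-managed transaction.
        props.put("hibernate.transaction.jta.platform", JTA_PLATFORM);
        return props;
    }

    /** Intended to be called from the provider factory's create(...) method. */
    public EntityManagerFactory forComponent(String componentId, String jndiName) {
        return byComponent.computeIfAbsent(componentId,
            id -> Persistence.createEntityManagerFactory(UNIT_NAME, overridesFor(jndiName)));
    }

    /** Releases the factory when a component is removed or its datasource changes. */
    public void evict(String componentId) {
        EntityManagerFactory emf = byComponent.remove(componentId);
        if (emf != null && emf.isOpen()) {
            emf.close();
        }
    }

    @Override
    public void close() {
        byComponent.keySet().forEach(this::evict);
    }
}
```

An EntityManager created from such a factory joins a JTA transaction that is already active at creation time; if it is created earlier, `joinTransaction()` has to be called explicitly.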

