[keycloak-user] Not able to extend User Storage SPI without changing Keycloak configuration files

David VS david.vsaraiva at gmail.com
Thu Sep 5 05:22:47 EDT 2019


Goal:
Set up custom federation which extends ldap provider.

Thank you so much for the fast reply!

On the following link there is a module that works as an example of what I
was trying to accomplish and its jar:
https://drive.google.com/open?id=1W3vFZu5lPW0x_AXMc5HPYY_Uh7L1ipwV

To get it running, I copied the jar
target/custom-keycloak-federation-4.8.3.Final.jar to
/opt/keycloak/standalone/deployments/.

I also appended to standalone/configuration/standalone.xml:
    <spi name="storage">
        <provider name="custom-ldap" enabled="true"/>
    </spi>

Then, I restarted keycloak. If one goes to "User Federation" and creates a
custom ldap, the following form is displayed (see image1.pgn, see link
above, it's in the root folder), where all the labels are missing besides
the one we created (Display Name, on the bottom) and some buttons like
"Test connection" are missing.

Thoughts on the question:

- on the CustomLDAPStorageProviderFactory we can override
getConfigProperties() and add a new property. By calling
label()/defaultValue()/helpText() we can have the input field fully
configured. On the other hand, in the parent LDAPStorageProviderFactory,
most of the defined properties do not have label/defaultValue/helpText
specified, and so, most input fields are empty (no label).

To have the input fields fully functional I was thinking of two ways:
1) overriding all properties from LDAPStorageProviderFactory, and specifying
their content one by one. But the buttons like "Test Connection" would
still be missing.

2) checking how the input form was created for LDAPStorageProviderFactory:
it uses user-storage-ldap.html, which is being mapped from app.js.

Question: if we would use user-storage-ldap.html, how to map it to our
custom provider without changing the contents of app.js?

Question: how to extend user-storage-ldap.html for that attribute that we
added initially without having to copy the whole user-storage-ldap.html?

(Once again I'm new to keycloak, and do not have experience with Freemarker).

Thank you so much for your support,

David

On Fri, Aug 23, 2019 at 12:54 PM Jan Lieskovsky <jlieskov at redhat.com> wrote:

> Hey David,
>
> On Thu, Aug 22, 2019 at 2:15 PM David VS <david.vsaraiva at gmail.com> wrote:
>
>> Goal:
>> Set up custom federation which extends ldap provider.
>>
>> Question: What is the proper way to extend the ldap federation while
>> adding
>> one more configuration input? (without changing internal keycloak files)
>>
>> I followed the steps in
>>
>> https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi
>> and specified my own provider and providerFactory.
>>
>> In admin console, when trying to create the federation "custom-ldap", most
>> of the input fields do not have a label and some buttons like "Test
>> connection" are missing. The configuration property that I added and
>> customized has label/default value/tooltip.
>>
>
> Hard to say without looking at the specific code, trying to implement this.
>
> But I would assume, those fields aren't available because the custom
> federation
> LDAP provider doesn't implement the underlying interface methods, that
> are actually responsible for performing the action, when particular button
> is clicked?
>
> What happens, if you override the specific methods from the default LDAP
> provider, responsible for accessing these fields, and point them back
> to the default implementation (e.g. by calling super() with the same args /
> params within the overridden interface method)?
>
>
>>
>> If it is not possible to extend the form, is there an easy way how to
>> inherit the same UI form from the ldap federation page in my extension?
>>
>
> Is the issue, that you can't see the fields, newly introduced by your
> custom LDAP
> federation provider, or that some fields from the default screen aren't
> accessible /
> usable upon the implementation of that provider? Or both?
>
>
>>
>> (I'm new to keycloak, and do not have experience with Freemarker).
>>
>> Thank you so much for your support,
>>
>> David
>>
>>
> Regards, Jan
>
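
Option 1 from the message above (overriding the inherited properties), sketched as an added example; this is not code from David's module or from Keycloak itself. It assumes the Keycloak 4.8.3 classes named in the imports; the package name, the "displayName" key and the help text are hypothetical.

```java
package com.example.keycloak; // hypothetical package name

import java.util.ArrayList;
import java.util.List;

import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;

// The jar must also list this class in
// META-INF/services/org.keycloak.storage.UserStorageProviderFactory.
public class CustomLDAPStorageProviderFactory extends LDAPStorageProviderFactory {

    public static final String PROVIDER_ID = "custom-ldap"; // id used in the post
    static final String DISPLAY_NAME = "displayName";       // hypothetical config key

    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        List<ProviderConfigProperty> props = new ArrayList<>();
        for (ProviderConfigProperty parent : super.getConfigProperties()) {
            // Copy each entry: the parent's list is shared with the built-in
            // "ldap" provider and must not be modified in place.
            ProviderConfigProperty p = new ProviderConfigProperty();
            p.setName(parent.getName());
            // Keep type and secret flag exactly as the parent declared them,
            // so credential fields are not downgraded to plain text inputs.
            p.setType(parent.getType());
            p.setSecret(parent.isSecret());
            p.setOptions(parent.getOptions());
            p.setDefaultValue(parent.getDefaultValue());
            p.setHelpText(parent.getHelpText());
            // Fall back to the property name where the parent defines no label.
            p.setLabel(parent.getLabel() != null ? parent.getLabel() : parent.getName());
            props.add(p);
        }
        // Append the one extra input the custom provider needs.
        props.addAll(ProviderConfigurationBuilder.create()
                .property().name(DISPLAY_NAME)
                .label("Display Name")
                .helpText("Name shown for this federation provider") // constructed text
                .type(ProviderConfigProperty.STRING_TYPE)
                .defaultValue("")
                .add()
                .build());
        return props;
    }
}
```

As the message itself points out, this only addresses the missing labels; buttons such as "Test connection" would still be missing.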

