<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Rodrigo,<br>
      <br>
      it's not "Settings and Authentication", but it's tab "Settings"
      and then top bar called "Authentication" inside it. It will be
      opened if you login to admin console and then open URL:
      <a class="moz-txt-link-freetext" href="http://localhost:8081/auth/admin/#/realms/keycloak-admin">http://localhost:8081/auth/admin/#/realms/keycloak-admin</a> (Replace
      'keycloak-admin' with name of your realm, for example 'test').
      Once you open it, you can click to button "Add provider" and your
      provider should be available in the list of available
      authentication providers. <br>
      <br>
      For the inspiration, you can take a look at the existing
      implementations, for example this one:
      <a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-picketlink">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-picketlink</a>
      and it's configuration in file:
      <a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory</a>
      . Note that it's using standard java ServiceLoader mechanism
      described here -
      <a class="moz-txt-link-freetext" href="http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html">http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html</a><br>
      <br>
      You don't need implement RealmAdapter . RealmAdapter is not
      related to authentication SPI. It's implementation of interface
      RealmModel, which is part of model-api. You need to implement
      model-api just in case that you want to create your own storage
      for all keycloak data, but implementing whole model-api is much
      more complicated and challenging than implementation of
      authentication-api. <br>
      <br>
      So in shortcut, you need to implement AuthenticationProvider
      interface, which will be able to read data from your internal
      database.<br>
      <br>
      Marek<br>
      <br>
      On 19.5.2014 18:05, Rodrigo Sasaki wrote:<br>
    </div>
    <blockquote
cite="mid:CANLOgwAFHkCuyah8bvw39DpfHKwC8Kzvc1_+0iUcPXut76fSGQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">I have done most of what you mentioned, although I
        didn't find the "Settings and Authentication" part on the Realm
        Settings. I couldn't add the new provider to it like you said,
        and the version I'm using is the one available on the github
        repo.
        <div>
          <br>
        </div>
        <div>Also I saw that I should probably implement a RealmAdapter
          aswell, to provide access to my table structure, is that
          correct? If so, how should I configure Keycloak to use my
          adapter to find users, and not it's default one? Or at least
          not only it's default one</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Fri, May 16, 2014 at 4:50 AM, Stian
          Thorgersen <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">We will
            add some documentation to this soon, but you basically need
            to:<br>
            <br>
            - Implement <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java"
              target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java</a><br>
            - Implement <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java"
              target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java</a><br>
            - Add a
            'META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory'
            that contains the fully qualified name of your
            AuthenticationProviderFactory implementation<br>
            <br>
            Build as a JAR and drop into
            keycloak/standalone/deployments/auth-server.war/WEB-INF/lib.<br>
            <br>
            Start the server, open the admin console, navigate to realm
            settings and authentication. Click Add Provider and it
            should now have your new provider. Add it to the realm.<br>
            <br>
            It will now use your provider to authenticate users.<br>
            <div class="im HOEnZb"><br>
              ----- Original Message -----<br>
              &gt; From: "Rodrigo Sasaki" &lt;<a moz-do-not-send="true"
                href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a>&gt;<br>
            </div>
            <div class="HOEnZb">
              <div class="h5">&gt; To: "Bill Burke" &lt;<a
                  moz-do-not-send="true" href="mailto:bburke@redhat.com">bburke@redhat.com</a>&gt;<br>
                &gt; Cc: <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                &gt; Sent: Thursday, 15 May, 2014 7:30:00 PM<br>
                &gt; Subject: Re: [keycloak-user] Migrating Users
                Database<br>
                &gt;<br>
                &gt; By the way, do you have further information
                regarding that SPI you mentioned?<br>
                &gt;<br>
                &gt; I was looking at the source code but I couldn't
                derive much from it, I don't<br>
                &gt; know exactly how I should implement my own
                provider, and how do I tell<br>
                &gt; keycloak to use mine instead of its own.<br>
                &gt;<br>
                &gt;<br>
                &gt; On Thu, May 15, 2014 at 11:05 AM, Rodrigo Sasaki
                &lt; <a moz-do-not-send="true"
                  href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a>
                &gt;<br>
                &gt; wrote:<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt; That's quite alright at the moment.<br>
                &gt;<br>
                &gt; We have seen the roadmap and if it stays around the
                announced dates, there<br>
                &gt; shouldn't be a problem for us here.<br>
                &gt;<br>
                &gt;<br>
                &gt; On Thu, May 15, 2014 at 11:03 AM, Bill Burke &lt; <a
                  moz-do-not-send="true" href="mailto:bburke@redhat.com">bburke@redhat.com</a>
                &gt; wrote:<br>
                &gt;<br>
                &gt;<br>
                &gt; FYI, Keycloak will be very slow until we start our
                performance work<br>
                &gt; (scheduled for Beta-2). Right now, every
                login/logout/token action is<br>
                &gt; all DB hits. We don't cache anything at the moment!<br>
                &gt;<br>
                &gt; On 5/15/2014 7:02 AM, Rodrigo Sasaki wrote:<br>
                &gt; &gt; I am very interested in importing the whole
                database. It seems to be the<br>
                &gt; &gt; cleanest way to do what we want to do here,
                and migrate to keycloak<br>
                &gt; &gt; completely.<br>
                &gt; &gt;<br>
                &gt; &gt; Are there any guidelines on how to do this?
                Nonetheless I will look into<br>
                &gt; &gt; the SPI you mentioned, might come in handy
                sometime.<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt; On Thu, May 15, 2014 at 5:13 AM, Stian
                Thorgersen &lt; <a moz-do-not-send="true"
                  href="mailto:stian@redhat.com">stian@redhat.com</a><br>
                &gt; &gt; &lt;mailto: <a moz-do-not-send="true"
                  href="mailto:stian@redhat.com">stian@redhat.com</a>
                &gt;&gt; wrote:<br>
                &gt; &gt;<br>
                &gt; &gt; At the moment we have an Authentication SPI
                that will let you easily<br>
                &gt; &gt; authenticate users with your existing database
                of users. The first<br>
                &gt; &gt; time a new user logs in using this approach a
                user will be pulled in<br>
                &gt; &gt; to the Keycloak database. There's no
                documentation for this feature<br>
                &gt; &gt; yet, but look at the SPI at<br>
                &gt; &gt; <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api"
                  target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api</a><br>
                &gt; &gt; and the implementation that uses the Keycloak
                model itself to<br>
                &gt; &gt; authenticate at<br>
                &gt; &gt; <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model"
                  target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model</a><br>
                &gt; &gt; .<br>
                &gt; &gt;<br>
                &gt; &gt; In the future we plan to provide a Sync SPI
                that will take this one<br>
                &gt; &gt; step further and let you sync users (and
                roles) to/from an existing<br>
                &gt; &gt; database.<br>
                &gt; &gt;<br>
                &gt; &gt; However, if you plan to completely replace
                your current<br>
                &gt; &gt; authentication system the cleanest solution
                may be to import your<br>
                &gt; &gt; current user database into Keycloak once and
                for all. If you're<br>
                &gt; &gt; interested in this approach let me know.<br>
                &gt; &gt;<br>
                &gt; &gt; ----- Original Message -----<br>
                &gt; &gt; &gt; From: "Rodrigo Sasaki" &lt; <a
                  moz-do-not-send="true"
                  href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a><br>
                &gt; &gt; &lt;mailto: <a moz-do-not-send="true"
                  href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a>
                &gt;&gt;<br>
                &gt; &gt; &gt; To: <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                &gt; &gt; &lt;mailto: <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
                &gt;<br>
                &gt; &gt; &gt; Sent: Wednesday, 14 May, 2014 8:52:07 PM<br>
                &gt; &gt; &gt; Subject: [keycloak-user] Migrating Users
                Database<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; Hi,<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; I'm trying to replace my current
                authentication system with<br>
                &gt; &gt; Keycloak, but I<br>
                &gt; &gt; &gt; have one problem. I already have a
                database of users, populated with<br>
                &gt; &gt; &gt; millions of records, and I wanted to make
                it work with Keycloak.<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; What would be the best approach on this
                scenario? Should I<br>
                &gt; &gt; migrate everything<br>
                &gt; &gt; &gt; to the Keycloak tables, or try to make
                Keycloak understand my current<br>
                &gt; &gt; &gt; database?<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; Is there any recommendation on this
                matter? And if there is, some<br>
                &gt; &gt; explanation<br>
                &gt; &gt; &gt; or documentation?<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; Thanks!<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; --<br>
                &gt; &gt; &gt; Rodrigo Sasaki<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt;
                _______________________________________________<br>
                &gt; &gt; &gt; keycloak-user mailing list<br>
                &gt; &gt; &gt; <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
                &lt;mailto: <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
                &gt;<br>
                &gt; &gt; &gt; <a moz-do-not-send="true"
                  href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
                  target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt; --<br>
                &gt; &gt; Rodrigo Sasaki<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt;
                _______________________________________________<br>
                &gt; &gt; keycloak-user mailing list<br>
                &gt; &gt; <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                &gt; &gt; <a moz-do-not-send="true"
                  href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
                  target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
                &gt; &gt;<br>
                &gt;<br>
                &gt; --<br>
                &gt; Bill Burke<br>
                &gt; JBoss, a division of Red Hat<br>
                &gt; <a moz-do-not-send="true"
                  href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
                &gt; _______________________________________________<br>
                &gt; keycloak-user mailing list<br>
                &gt; <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                &gt; <a moz-do-not-send="true"
                  href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
                  target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
                &gt;<br>
                &gt;admin<br>
                &gt;<br>
                &gt; --<br>
                &gt; Rodrigo Sasaki<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt; --<br>
                &gt; Rodrigo Sasaki<br>
                &gt;<br>
                &gt; _______________________________________________<br>
                &gt; keycloak-user mailing list<br>
                &gt; <a moz-do-not-send="true"
                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                &gt; <a moz-do-not-send="true"
                  href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
                  target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font></div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </body>
</html>