<div dir="ltr">Hmm, I see..<div><br></div><div>In that case, since I&#39;m using JPA, what would be the best way for me to get access to an EntityManager on my implementation of the AuthenticationProvider?</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Mon, May 19, 2014 at 5:20 PM, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Hi Rodrigo,<br>
      <br>
      it&#39;s not &quot;Settings and Authentication&quot;, but it&#39;s tab &quot;Settings&quot;
      and then top bar called &quot;Authentication&quot; inside it. It will be
      opened if you login to admin console and then open URL:
      <a href="http://localhost:8081/auth/admin/#/realms/keycloak-admin" target="_blank">http://localhost:8081/auth/admin/#/realms/keycloak-admin</a> (Replace
      &#39;keycloak-admin&#39; with name of your realm, for example &#39;test&#39;).
      Once you open it, you can click the button &quot;Add provider&quot; and your
      provider should be available in the list of available
      authentication providers. <br>
      <br>
      For inspiration, you can take a look at the existing
      implementations, for example this one:
      <a href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-picketlink" target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-picketlink</a>
      and its configuration in file:
      <a href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory" target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory</a>
      . Note that it&#39;s using the standard Java ServiceLoader mechanism
      described here -
      <a href="http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html" target="_blank">http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html</a><br>
      <br>
      You don&#39;t need to implement RealmAdapter. RealmAdapter is not
      related to authentication SPI. It&#39;s implementation of interface
      RealmModel, which is part of model-api. You need to implement
      model-api just in case that you want to create your own storage
      for all Keycloak data, but implementing whole model-api is much
      more complicated and challenging than implementation of
      authentication-api. <br>
      <br>
      So in short, you need to implement AuthenticationProvider
      interface, which will be able to read data from your internal
      database.<br>
      <br>
      Marek<div><div class="h5"><br>
      <br>
      On 19.5.2014 18:05, Rodrigo Sasaki wrote:<br>
    </div></div></div>
    <blockquote type="cite"><div><div class="h5">
      <div dir="ltr">I have done most of what you mentioned, although I
        didn&#39;t find the &quot;Settings and Authentication&quot; part on the Realm
        Settings. I couldn&#39;t add the new provider to it like you said,
        and the version I&#39;m using is the one available on the github
        repo.
        <div>
          <br>
        </div>
        <div>Also I saw that I should probably implement a RealmAdapter
          as well, to provide access to my table structure, is that
          correct? If so, how should I configure Keycloak to use my
          adapter to find users, and not its default one? Or at least
          not only its default one</div>
      </div>
      </div></div><div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote"><div><div class="h5">On Fri, May 16, 2014 at 4:50 AM, Stian
          Thorgersen <span dir="ltr">&lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;</span>
          wrote:<br>
          </div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">We will
            add some documentation to this soon, but you basically need
            to:<br>
            <br>
            - Implement <a href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java" target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java</a><br>

            - Implement <a href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java" target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java</a><br>

            - Add a
            &#39;META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory&#39;
            that contains the fully qualified name of your
            AuthenticationProviderFactory implementation<br>
            <br>
            Build as a JAR and drop into
            keycloak/standalone/deployments/auth-server.war/WEB-INF/lib.<br>
            <br>
            Start the server, open the admin console, navigate to realm
            settings and authentication. Click Add Provider and it
            should now have your new provider. Add it to the realm.<br>
            <br>
            It will now use your provider to authenticate users.<br>
            <div><br>
              ----- Original Message -----<br>
              &gt; From: &quot;Rodrigo Sasaki&quot; &lt;<a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a>&gt;<br>
            </div>
            </div></div><div>
              <div><div><div class="h5">&gt; To: &quot;Bill Burke&quot; &lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;<br>
                &gt; Cc: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
                &gt; Sent: Thursday, 15 May, 2014 7:30:00 PM<br>
                &gt; Subject: Re: [keycloak-user] Migrating Users
                Database<br>
                &gt;<br>
                &gt; By the way, do you have further information
                regarding that SPI you mentioned?<br>
                &gt;<br>
                &gt; I was looking at the source code but I couldn&#39;t
                derive much from it, I don&#39;t<br>
                &gt; know exactly how I should implement my own
                provider, and how do I tell<br>
                &gt; keycloak to use mine instead of its own.<br>
                &gt;<br>
                &gt;<br>
                &gt; On Thu, May 15, 2014 at 11:05 AM, Rodrigo Sasaki
                &lt; <a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a>
                &gt;<br>
                &gt; wrote:<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt; That&#39;s quite alright at the moment.<br>
                &gt;<br>
                &gt; We have seen the roadmap and if it stays around the
                announced dates, there<br>
                &gt; shouldn&#39;t be a problem for us here.<br>
                &gt;<br>
                &gt;<br>
                &gt; On Thu, May 15, 2014 at 11:03 AM, Bill Burke &lt; <a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>
                &gt; wrote:<br>
                &gt;<br>
                &gt;<br>
                &gt; FYI, Keycloak will be very slow until we start our
                performance work<br>
                &gt; (scheduled for Beta-2). Right now, every
                login/logout/token action is<br>
                &gt; all DB hits. We don&#39;t cache anything at the moment!<br>
                &gt;<br>
                &gt; On 5/15/2014 7:02 AM, Rodrigo Sasaki wrote:<br>
                &gt; &gt; I am very interested in importing the whole
                database. It seems to be the<br>
                &gt; &gt; cleanest way to do what we want to do here,
                and migrate to keycloak<br>
                &gt; &gt; completely.<br>
                &gt; &gt;<br>
                &gt; &gt; Are there any guidelines on how to do this?
                Nonetheless I will look into<br>
                &gt; &gt; the SPI you mentioned, might come in handy
                sometime.<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt; On Thu, May 15, 2014 at 5:13 AM, Stian
                Thorgersen &lt; <a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a><br>
                &gt; &gt; &lt;mailto: <a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>
                &gt;&gt; wrote:<br>
                &gt; &gt;<br>
                &gt; &gt; At the moment we have an Authentication SPI
                that will let you easily<br>
                &gt; &gt; authenticate users with your existing database
                of users. The first<br>
                &gt; &gt; time a new user logs in using this approach a
                user will be pulled in<br>
                &gt; &gt; to the Keycloak database. There&#39;s no
                documentation for this feature<br>
                &gt; &gt; yet, but look at the SPI at<br>
                &gt; &gt; <a href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api" target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api</a><br>

                &gt; &gt; and the implementation that uses the Keycloak
                model itself to<br>
                &gt; &gt; authenticate at<br>
                &gt; &gt; <a href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model" target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model</a><br>

                &gt; &gt; .<br>
                &gt; &gt;<br>
                &gt; &gt; In the future we plan to provide a Sync SPI
                that will take this one<br>
                &gt; &gt; step further and let you sync users (and
                roles) to/from an existing<br>
                &gt; &gt; database.<br>
                &gt; &gt;<br>
                &gt; &gt; However, if you plan to completely replace
                your current<br>
                &gt; &gt; authentication system the cleanest solution
                may be to import your<br>
                &gt; &gt; current user database into Keycloak once and
                for all. If you&#39;re<br>
                &gt; &gt; interested in this approach let me know.<br>
                &gt; &gt;<br>
                &gt; &gt; ----- Original Message -----<br>
                &gt; &gt; &gt; From: &quot;Rodrigo Sasaki&quot; &lt; <a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a><br>
                &gt; &gt; &lt;mailto: <a href="mailto:rodrigopsasaki@gmail.com" target="_blank">rodrigopsasaki@gmail.com</a>
                &gt;&gt;<br>
                &gt; &gt; &gt; To: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
                &gt; &gt; &lt;mailto: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
                &gt;<br>
                &gt; &gt; &gt; Sent: Wednesday, 14 May, 2014 8:52:07 PM<br>
                &gt; &gt; &gt; Subject: [keycloak-user] Migrating Users
                Database<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; Hi,<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; I&#39;m trying to replace my current
                authentication system with<br>
                &gt; &gt; Keycloak, but I<br>
                &gt; &gt; &gt; have one problem. I already have a
                database of users, populated with<br>
                &gt; &gt; &gt; millions of records, and I wanted to make
                it work with Keycloak.<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; What would be the best approach on this
                scenario? Should I<br>
                &gt; &gt; migrate everything<br>
                &gt; &gt; &gt; to the Keycloak tables, or try to make
                Keycloak understand my current<br>
                &gt; &gt; &gt; database?<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; Is there any recommendation on this
                matter? And if there is, some<br>
                &gt; &gt; explanation<br>
                &gt; &gt; &gt; or documentation?<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; Thanks!<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt; --<br>
                &gt; &gt; &gt; Rodrigo Sasaki<br>
                &gt; &gt; &gt;<br>
                &gt; &gt; &gt;
                _______________________________________________<br>
                &gt; &gt; &gt; keycloak-user mailing list<br>
                &gt; &gt; &gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
                &lt;mailto: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
                &gt;<br>
                &gt; &gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt; --<br>
                &gt; &gt; Rodrigo Sasaki<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt; &gt;<br>
                &gt;<br>
                &gt; --<br>
                &gt; Bill Burke<br>
                &gt; JBoss, a division of Red Hat<br>
                &gt; <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
                &gt;<br></div></div>
                &gt;<div class=""><br>
                &gt;<br>
                &gt; --<br>
                &gt; Rodrigo Sasaki<br>
                &gt;<br>
                &gt;<br>
                &gt;<br>
                &gt; --<br>
                &gt; Rodrigo Sasaki<br>
                &gt;<br>
              </div></div>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all"><span class="HOEnZb"><font color="#888888">
        <div><br>
        </div>
        -- <br>
        <div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font></div>
      </font></span></div><span class="HOEnZb"><font color="#888888">
      <br>
      <fieldset></fieldset>
      <br></font></span><div class="">
    </div></blockquote>
    <br>
  </div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div>
</div></div>
</div>
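<div>Added example, not part of the thread and not Keycloak code: the thread explains that a JAR dropped into WEB-INF/lib with a META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory file makes its factory available through the ServiceLoader mechanism, so this Python script inventories which JARs in such a directory register a factory and reports any class missing from a reviewed allow-list. The JAR names, class names and allow-list are constructed for illustration, and the function names are hypothetical.</div>

```python
import tempfile
import zipfile
from pathlib import Path

# Service file named in the thread; ServiceLoader reads provider class names from it.
SERVICE_ENTRY = "META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory"


def parse_service_file(text):
    """Return provider class names using ServiceLoader's file rules:
    '#' starts a comment; surrounding whitespace, blank lines and duplicates are ignored."""
    names = []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name and name not in names:
            names.append(name)
    return names


def registered_factories(lib_dir):
    """Map each JAR in lib_dir to the factory classes its service file registers."""
    found = {}
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                if SERVICE_ENTRY in zf.namelist():
                    raw = zf.read(SERVICE_ENTRY).decode("utf-8", errors="replace")
                    found[jar.name] = parse_service_file(raw)
        except zipfile.BadZipFile:
            # Fail closed: an archive that cannot be inspected is reported, not skipped.
            found[jar.name] = ["(unreadable archive)"]
    return found


def unexpected_factories(lib_dir, allowed):
    """Return (jar, class) pairs that are not on the reviewed allow-list."""
    return [(jar, cls)
            for jar, classes in registered_factories(lib_dir).items()
            for cls in classes if cls not in allowed]


def build_sample_lib(lib_dir):
    """Constructed sample data: two JARs with made-up factories, one with no service file."""
    samples = {
        "authentication-model.jar": "# constructed\ncom.example.ModelProviderFactory\n",
        "legacy-db-auth.jar": "com.example.LegacyDbProviderFactory  # constructed\n\n",
        "commons-util.jar": None,
    }
    for name, service in samples.items():
        with zipfile.ZipFile(Path(lib_dir) / name, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            if service is not None:
                zf.writestr(SERVICE_ENTRY, service)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as lib:
        build_sample_lib(lib)
        for jar, cls in unexpected_factories(lib, {"com.example.ModelProviderFactory"}):
            print(f"not on allow-list: {cls} (from {jar})")
```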