<div dir="ltr">Alright then.<div><br></div><div>I guess I should alter the dependencies in pom.xml then, I just thought that there was another way defined, perhaps on a different layer, and that not having access to Persistence in this layer was because it was defined this way.</div>
<div><br></div><div>But that sounds simple enough, thank you for your help!</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 22, 2014 at 10:30 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Add a persistence-unit for it to:<br>
<br>
* standalone/deployments/auth-server.war/WEB-INF/classes/META-INF/persistence.xml<br>
<br>
Then use Persistence.createEntityManagerFactory(name) in AuthenticationProviderFactory.init, and create a new EntityManager in AuthenticationProviderFactory.init and pass into AuthenticationProvider.<br>
<div class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Rodrigo Sasaki" <<a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a>><br>
</div><div class="HOEnZb"><div class="h5">> To: "Marek Posolda" <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Thursday, 22 May, 2014 2:20:39 PM<br>
> Subject: Re: [keycloak-user] Migrating Users Database<br>
><br>
> Hmm, I see..<br>
><br>
> In that case, since I'm using JPA, what would be the best way for me to get<br>
> access to an EntityManager on my implementation of the<br>
> AuthenticationProvider?<br>
><br>
><br>
> On Mon, May 19, 2014 at 5:20 PM, Marek Posolda < <a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> Hi Rodrigo,<br>
><br>
> it's not "Settings and Authentication", but it's tab "Settings" and then top<br>
> bar called "Authentication" inside it. It will be opened if you login to<br>
> admin console and then open URL:<br>
> <a href="http://localhost:8081/auth/admin/#/realms/keycloak-admin" target="_blank">http://localhost:8081/auth/admin/#/realms/keycloak-admin</a> (Replace<br>
> 'keycloak-admin' with name of your realm, for example 'test'). Once you open<br>
> it, you can click to button "Add provider" and your provider should be<br>
> available in the list of available authentication providers.<br>
><br>
> For the inspiration, you can take a look at the existing implementations, for<br>
> example this one:<br>
> <a href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-picketlink" target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-picketlink</a><br>
> and it's configuration in file:<br>
> <a href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory" target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-picketlink/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory</a><br>
> . Note that it's using standard java ServiceLoader mechanism described here<br>
> - <a href="http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html" target="_blank">http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html</a><br>
><br>
> You don't need implement RealmAdapter . RealmAdapter is not related to<br>
> authentication SPI. It's implementation of interface RealmModel, which is<br>
> part of model-api. You need to implement model-api just in case that you<br>
> want to create your own storage for all keycloak data, but implementing<br>
> whole model-api is much more complicated and challenging than implementation<br>
> of authentication-api.<br>
><br>
> So in shortcut, you need to implement AuthenticationProvider interface, which<br>
> will be able to read data from your internal database.<br>
><br>
> Marek<br>
><br>
><br>
> On 19.5.2014 18:05, Rodrigo Sasaki wrote:<br>
><br>
><br>
><br>
> I have done most of what you mentioned, although I didn't find the "Settings<br>
> and Authentication" part on the Realm Settings. I couldn't add the new<br>
> provider to it like you said, and the version I'm using is the one available<br>
> on the github repo.<br>
><br>
> Also I saw that I should probably implement a RealmAdapter aswell, to provide<br>
> access to my table structure, is that correct? If so, how should I configure<br>
> Keycloak to use my adapter to find users, and not it's default one? Or at<br>
> least not only it's default one<br>
><br>
><br>
> On Fri, May 16, 2014 at 4:50 AM, Stian Thorgersen < <a href="mailto:stian@redhat.com">stian@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> We will add some documentation to this soon, but you basically need to:<br>
><br>
> - Implement<br>
> <a href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java" target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProviderFactory.java</a><br>
> - Implement<br>
> <a href="https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java" target="_blank">https://github.com/keycloak/keycloak/blob/master/authentication/authentication-api/src/main/java/org/keycloak/authentication/AuthenticationProvider.java</a><br>
> - Add a<br>
> 'META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory'<br>
> that contains the fully qualified name of your AuthenticationProviderFactory<br>
> implementation<br>
><br>
> Build as a JAR and drop into<br>
> keycloak/standalone/deployments/auth-server.war/WEB-INF/lib.<br>
><br>
> Start the server, open the admin console, navigate to realm settings and<br>
> authentication. Click Add Provider and it should now have your new provider.<br>
> Add it to the realm.<br>
><br>
> It will now use your provider to authenticate users.<br>
><br>
> ----- Original Message -----<br>
> > From: "Rodrigo Sasaki" < <a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a> ><br>
> > To: "Bill Burke" < <a href="mailto:bburke@redhat.com">bburke@redhat.com</a> ><br>
> > Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > Sent: Thursday, 15 May, 2014 7:30:00 PM<br>
> > Subject: Re: [keycloak-user] Migrating Users Database<br>
> ><br>
> > By the way, do you have further information regarding that SPI you<br>
> > mentioned?<br>
> ><br>
> > I was looking at the source code but I couldn't derive much from it, I<br>
> > don't<br>
> > know exactly how I should implement my own provider, and how do I tell<br>
> > keycloak to use mine instead of its own.<br>
> ><br>
> ><br>
> > On Thu, May 15, 2014 at 11:05 AM, Rodrigo Sasaki < <a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a><br>
> > ><br>
> > wrote:<br>
> ><br>
> ><br>
> ><br>
> > That's quite alright at the moment.<br>
> ><br>
> > We have seen the roadmap and if it stays around the announced dates, there<br>
> > shouldn't be a problem for us here.<br>
> ><br>
> ><br>
> > On Thu, May 15, 2014 at 11:03 AM, Bill Burke < <a href="mailto:bburke@redhat.com">bburke@redhat.com</a> > wrote:<br>
> ><br>
> ><br>
> > FYI, Keycloak will be very slow until we start our performance work<br>
> > (scheduled for Beta-2). Right now, every login/logout/token action is<br>
> > all DB hits. We don't cache anything at the moment!<br>
> ><br>
> > On 5/15/2014 7:02 AM, Rodrigo Sasaki wrote:<br>
> > > I am very interested in importing the whole database. It seems to be the<br>
> > > cleanest way to do what we want to do here, and migrate to keycloak<br>
> > > completely.<br>
> > ><br>
> > > Are there any guidelines on how to do this? Nonetheless I will look into<br>
> > > the SPI you mentioned, might come in handy sometime.<br>
> > ><br>
> > ><br>
> > > On Thu, May 15, 2014 at 5:13 AM, Stian Thorgersen < <a href="mailto:stian@redhat.com">stian@redhat.com</a><br>
> > > <mailto: <a href="mailto:stian@redhat.com">stian@redhat.com</a> >> wrote:<br>
> > ><br>
> > > At the moment we have an Authentication SPI that will let you easily<br>
> > > authenticate users with your existing database of users. The first<br>
> > > time a new user logs in using this approach a user will be pulled in<br>
> > > to the Keycloak database. There's no documentation for this feature<br>
> > > yet, but look at the SPI at<br>
> > > <a href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api" target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-api</a><br>
> > > and the implementation that uses the Keycloak model itself to<br>
> > > authenticate at<br>
> > > <a href="https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model" target="_blank">https://github.com/keycloak/keycloak/tree/master/authentication/authentication-model</a><br>
> > > .<br>
> > ><br>
> > > In the future we plan to provide a Sync SPI that will take this one<br>
> > > step further and let you sync users (and roles) to/from an existing<br>
> > > database.<br>
> > ><br>
> > > However, if you plan to completely replace your current<br>
> > > authentication system the cleanest solution may be to import your<br>
> > > current user database into Keycloak once and for all. If you're<br>
> > > interested in this approach let me know.<br>
> > ><br>
> > > ----- Original Message -----<br>
> > > > From: "Rodrigo Sasaki" < <a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a><br>
> > > <mailto: <a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a> >><br>
> > > > To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <mailto: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> ><br>
> > > > Sent: Wednesday, 14 May, 2014 8:52:07 PM<br>
> > > > Subject: [keycloak-user] Migrating Users Database<br>
> > > ><br>
> > > > Hi,<br>
> > > ><br>
> > > > I'm trying to replace my current authentication system with<br>
> > > Keycloak, but I<br>
> > > > have one problem. I already have a database of users, populated with<br>
> > > > millions of records, and I wanted to make it work with Keycloak.<br>
> > > ><br>
> > > > What would be the best approach on this scenario? Should I<br>
> > > migrate everything<br>
> > > > to the Keycloak tables, or try to make Keycloak understand my current<br>
> > > > database?<br>
> > > ><br>
> > > > Is there any recommendation on this matter? And if there is, some<br>
> > > explanation<br>
> > > > or documentation?<br>
> > > ><br>
> > > > Thanks!<br>
> > > ><br>
> > > > --<br>
> > > > Rodrigo Sasaki<br>
> > > ><br>
> > > > _______________________________________________<br>
> > > > keycloak-user mailing list<br>
> > > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> <mailto: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> ><br>
> > > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > --<br>
> > > Rodrigo Sasaki<br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list<br>
> > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> > ><br>
> ><br>
> > --<br>
> > Bill Burke<br>
> > JBoss, a division of Red Hat<br>
> > <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
> > _______________________________________________<br>
> > keycloak-user mailing list<br>
> > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> ><br>
> >admin<br>
><br>
> ><br>
> > --<br>
> > Rodrigo Sasaki<br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Rodrigo Sasaki<br>
> ><br>
> > _______________________________________________<br>
> > keycloak-user mailing list<br>
> > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>
</div>