<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 19.3.2015 21:09, Anton Hughes wrote:<br>
</div>
<blockquote
cite="mid:CAMOUzMDTA5j8+0MB=ghq-ZZHDP3MXsfAUuBdX1MHqEYCHnvpYA@mail.gmail.com"
type="cite">
<div dir="ltr">Thank you Marek
<div><br>
</div>
<div>To check that I understand this approach correctly, is the
following a correct summary of how a federation provider
works?</div>
<div><br>
</div>
<div>
<ol>
<li>existing user tries to login via Keycloak<br>
</li>
<li>Keycloak checks if the user exists in the keycloak IDM.
If user is not there then use federation provider</li>
<li>the provider will get the user by email address or
username, and return the User object.<br>
</li>
<li>This user object can then be mapped and saved into
keycloak. <br>
</li>
<li>Next time user tries to login user is retrieved from
keycloak idm</li>
</ol>
</div>
</div>
</blockquote>
Yes, Keycloak also verified during each authentication (or
interaction with the UserModel) if user still exists in your backend
and it's removed from Keycloak DB if not. <br>
<br>
Normally user is synced to Keycloak DB after successful login (your
step 4), but you can also sync all your users from your storage at
once or setup periodic sync. <br>
<br>
User password would be verified against your DB, but it is flexible
enough, so for example if user change his password in Keycloak
Account mgmt you can either save it to your backend or to keycloak
DB etc.
<blockquote
cite="mid:CAMOUzMDTA5j8+0MB=ghq-ZZHDP3MXsfAUuBdX1MHqEYCHnvpYA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Question - where is the federated provider deployed? Is
it in our app, or installed into Keycloak? Or something
else?</div>
</div>
</div>
</blockquote>
Installed into Keycloak. I would suggest to take a look at examples
and try them out. This will give you more insight.<br>
<br>
Marek<br>
<blockquote
cite="mid:CAMOUzMDTA5j8+0MB=ghq-ZZHDP3MXsfAUuBdX1MHqEYCHnvpYA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 19, 2015 at 8:03 PM, Marek
Posolda <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
<br>
it will be best if you write custom FederationProvider
and point it to your database. See <a
moz-do-not-send="true"
href="http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/user_federation.html"
target="_blank">http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/user_federation.html</a>
and examples in appliance-dist (Subdirectory
examples/providers)<br>
<br>
Marek
<div>
<div class="h5"><br>
<br>
On 19.3.2015 19:58, Anton Hughes wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr"><br clear="all">
<div>Hello</div>
<div><br>
</div>
<div>Im currently investigating using Keycloak as
a solution to manage users, as well as
authentication and authorization.</div>
<div><br>
</div>
<div>Currently, we have a jboss Errai application,
and have a relational database of users and
their encrypted password.</div>
<div><br>
</div>
<div>Is there any tutorials, or advice, on how we
would migrate our users to the Keycloak IDM? </div>
<div><br>
</div>
<div>Thanks and regards</div>
<div>Anton</div>
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b><b
style="font-weight:normal"><span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span></b><b
style="font-weight:normal"><span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span></b></b></div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><b>
<p dir="ltr"
style="font-weight:normal;line-height:1.15;margin-top:0pt;margin-bottom:0pt"><b
style="font-weight:normal"><br>
<span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span></b></p>
<div dir="ltr">
<table style="border:none;border-collapse:collapse">
<colgroup><col width="210"><col width="303"></colgroup><tbody>
<tr style="height:0px">
<td style="border:0px solid
#000000;vertical-align:top;padding:7px 7px
7px 7px"><span style="font-weight:normal"><font>Anton
Hughes<br>
<br>
Co-founder</font></span>
<p dir="ltr"
style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span
style="text-decoration:underline;font-size:15px;font-family:Arial;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline;white-space:pre-wrap;font-weight:normal"><a
moz-do-not-send="true"
href="mailto:ah@magick.nu"
style="text-decoration:none"
target="_blank">ah@magick.nu</a></span></p>
<p dir="ltr"
style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><a
moz-do-not-send="true"
href="http://www.magick.nu"
target="_blank"><font size="4">www.magick.nu</font></a></p>
<p dir="ltr"
style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span><img
moz-do-not-send="true"
src="https://lh5.googleusercontent.com/iK9bHpfIKHFoE-lzBKNtIfBkrOoQ2VGnQ-4RKLCF3509OgW-oyPd-nvgjieCxwik_IXDw6z8ADuNPJQ4S8AwU2T2aGh-ioaKvPYt_0fyGJqLqhgzeyZJS0uInQ"
height="20px;" width="27px;"><span
style="font-size:15px;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:bold;vertical-align:baseline;white-space:pre-wrap"></span></p>
</td>
<td style="border:0px solid
#000000;vertical-align:top;padding:7px 7px
7px 7px"><span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span><br>
</td>
</tr>
<tr style="height:0px">
<td style="border:0px solid
#000000;vertical-align:top;padding:7px 7px
7px 7px"><br>
<span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span></td>
<td style="border:0px solid
#000000;vertical-align:top;padding:7px 7px
7px 7px"><br>
</td>
</tr>
</tbody>
</table>
</div>
<b style="font-weight:normal"><br>
<span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span><br>
<span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span><br>
<span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span></b><b
style="font-weight:normal"><span
style="font-size:11px;font-family:Arial;color:rgb(0,102,153);vertical-align:baseline;white-space:pre-wrap"></span></b></b></div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>