<div dir="ltr"><div>Looks good. To answer your question on PasteBin about setting fields: this is going to be implementation specific but the way to set them on the Keycloak user model is below.</div><div><br></div><div> RemoteUser remoteUser = // get legacy system user, replace getters below with methods matching your domain</div><div><br></div><div><div> userModel.setFederationLink(model.getId());</div><div> userModel.setEnabled(remoteUser.isEnabled()); // or set to true</div><div> userModel.setEmail(username); // assume username is email, if not get email from data source</div><div> userModel.setEmailVerified(remoteUser.isEmailVerified()); // or set to true</div><div> userModel.setFirstName(remoteUser.getFirstName());</div><div> userModel.setLastName(remoteUser.getLastName());</div></div><div><br></div><div>~ Scott</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 5, 2015 at 2:17 PM, Remi Cartier <span dir="ltr"><<a href="mailto:remi.cartier@imetrik.com" target="_blank">remi.cartier@imetrik.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
Me again,
<div><br>
</div>
<div>I have written some simple FederationProvider for my migration case.</div>
<div>I put them on Pastebin here:</div>
<div><br>
</div>
<div>
<div><a href="http://pastebin.com/sqt2Pm3P" target="_blank">http://pastebin.com/sqt2Pm3P</a> - JdbcUserFederationProviderFactory</div>
<div><a href="http://pastebin.com/5JJyb7bm" target="_blank">http://pastebin.com/5JJyb7bm</a> - JdbcUserFederationProvider</div>
<div><br>
</div>
<div>I tried to follow your recommendations.</div>
<div><br>
</div>
<div>Does it seem to make sense?</div>
<div><br>
</div>
<div>Thank you guys!</div><span class="">
<div><br>
<hr align="left" style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px;border:0px;width:320px;min-height:1px;background-color:rgb(64,174,73)">
<p class="MsoNormal" style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;margin:0cm 0cm 1pt">
<br style="color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;font-size:12px;line-height:14px">
<span style="color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;font-size:12px;line-height:14px;text-transform:uppercase">REMI CARTIER</span><br style="color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;font-size:12px;line-height:14px">
</p>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<span style="text-align:-webkit-auto;line-height:14px"><font color="#666666" face="Helvetica, Arial, sans-serif">B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)</font></span></div>
<br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<strong style="font-size:12px;font-style:normal;font-variant:normal;letter-spacing:normal;text-align:start;text-indent:0px;white-space:normal;word-spacing:0px;color:rgb(64,174,73);font-family:Helvetica,Arial,sans-serif;line-height:14px;text-transform:uppercase">IMETRIK
GLOBAL INC.</strong><span style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px"> </span><br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<strong style="font-size:12px;font-style:normal;font-variant:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">T
:</strong><span style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px"> +1
<a href="tel:514%20448-6407%20x2009" value="+15144486407" target="_blank">514 448-6407 x2009</a></span><br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<strong style="font-size:12px;font-style:normal;font-variant:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">T
:</strong><span style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px"> +1
<a href="tel:866%20276-5382" value="+18662765382" target="_blank">866 276-5382</a> (toll free) </span><br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<strong style="font-size:12px;font-style:normal;font-variant:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">F
:</strong><span style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px"> +1
<a href="tel:514%20904-0611" value="+15149040611" target="_blank">514 904-0611</a> </span><br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<span style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">740
Notre Dame St. West, Suite 1575 </span><br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<span style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">Montreal,
Quebec, Canada H3C 3X6 </span><br style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(102,102,102);font-family:Helvetica,Arial,sans-serif;line-height:14px">
<a href="http://www.imetrik.com/" style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(64,174,73);font-family:Helvetica,Arial,sans-serif;line-height:14px" target="_blank">imetrik.com</a>
</div>
<br>
</span><div>
<blockquote type="cite"><span class="">
<div>On Oct 5, 2015, at 1:13 PM, Scott Rossillo <<a href="mailto:srossillo@smartling.com" target="_blank">srossillo@smartling.com</a>> wrote:</div>
<br>
</span><div><div class="h5"><div>
<div style="word-wrap:break-word">
<div>I’d recommend using a federation provider. Others may have another opinion but here’s the approach I like, using a federation provider:</div>
<div><br>
</div>
<div>Create the user when Keycloak calls one of these methods on the federation provider and the user exists in the legacy system:</div>
<div><br>
</div>
<div>UserFederationProvider.getUserByUsername()</div>
<div>UserFederationProvider.getUserByEmail()</div>
<div><br>
</div>
<div>This creates the federation link. However, do not set a password for the user yet (you wouldn’t know what to set it to yet anyway). Then, when Keycloak calls:</div>
<div><br>
</div>
<div>UserFederationProvider.validCredentials(RealmModel realm, UserModel user, List&lt;UserCredentialModel&gt; input)</div>
<div><br>
</div>
<div>query your legacy system to see if the given user and password combination is valid. If so:</div>
<div><br>
</div>
<div>1. Update the user (in Keycloak) to have the password supplied in List&lt;UserCredentialModel&gt; input</div>
<div>2. Break the federation link (session.userStorage().getUserById(user.getId(), realm).setFederationLink(null);)</div>
<div><br>
</div>
<div>I’m going to publish a template for migrating users using this approach soon. For now, I hope this is enough to get you going in the right direction if you choose the federation provider approach.</div>
<div><br>
</div>
<div>~ Scott</div>
<br>
<div>
<div>Scott Rossillo</div>
<div>Smartling | Senior Software Engineer</div>
<div><a href="mailto:srossillo@smartling.com" target="_blank">srossillo@smartling.com</a></div>
<div><br>
</div>
</div>
<br>
<div>
<blockquote type="cite">
<div>On Oct 5, 2015, at 11:59 AM, Remi Cartier <<a href="mailto:remi.cartier@imetrik.com" target="_blank">remi.cartier@imetrik.com</a>> wrote:</div>
<br>
<div>
<div style="word-wrap:break-word">
Hey guys,
<div><br>
</div>
<div>I will have to migrate from a custom in-house user management system to Keycloak.</div>
<div>We are using this algorithm to store salted/hashed passwords:</div>
<div><br>
</div>
<div>
<div> public static String hashPassword(String password, String salt) {</div>
<div> try {</div>
<div> KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 2048, 160);</div>
<div> SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");</div>
<div> byte[] hash = secretKeyFactory.generateSecret(keySpec).getEncoded();</div>
<div> return new BigInteger(1, hash).toString(16);</div>
<div> } catch (Exception x) {</div>
<div> throw new IllegalStateException(x);</div>
<div> }</div>
<div> }</div>
<div><br>
</div>
<div>I was wondering, in order to ease the migration, if I could configure Keycloak to use the same hash algorithm?</div>
<div><br>
</div>
<div>Or if there were any other ways? Like maybe a federation provider, but then comes the question of when to push things into Keycloak, at password change?</div>
<div><br>
</div>
<div>What do you think?</div>
<div><br>
</div>
<div>Sincerely.</div>
<div><br>
</div>
<br>
</div>
</div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</blockquote>
</div>
<br>
</div>
</div>
</div></div></blockquote>
</div>
<br>
</div>
</div>
</blockquote></div><br></div>
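<div>An added example, not part of the original thread or of either poster's code: a stand-alone check that a validCredentials implementation could use to test a submitted password against a hash written by the legacy hashPassword quoted above. It reuses the thread's PBKDF2 parameters; the class name LegacyPasswordCheck, the methods derive, decodeStored and matches, the UTF-8 salt encoding and the sample salt and passwords are assumptions made for illustration. Because BigInteger.toString(16) drops leading zeros, stored values are not always 40 hex characters, so the check compares decoded bytes in constant time instead of comparing strings.</div>

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LegacyPasswordCheck {
    private static final int ITERATIONS = 2048;        // from the thread's hashPassword
    private static final int KEY_BITS = 160;           // from the thread's hashPassword
    private static final int KEY_BYTES = KEY_BITS / 8;

    // Derive the raw PBKDF2 output exactly as the legacy code does, before hex encoding.
    static byte[] derive(char[] password, String salt) throws GeneralSecurityException {
        // The legacy code calls salt.getBytes() with the platform default charset.
        // UTF-8 is an assumption here and must match what the old system really used.
        PBEKeySpec spec = new PBEKeySpec(password, salt.getBytes(StandardCharsets.UTF_8),
                ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipes the spec's internal copy only
        }
    }

    // Decode a stored legacy value back to KEY_BYTES bytes, restoring dropped leading zeros.
    // Returns null for anything that cannot be a legacy hash.
    static byte[] decodeStored(String storedHex) {
        if (storedHex == null || storedHex.isEmpty() || storedHex.length() > KEY_BYTES * 2) {
            return null;
        }
        BigInteger n;
        try {
            n = new BigInteger(storedHex, 16);
        } catch (NumberFormatException e) {
            return null;
        }
        if (n.signum() < 0) {
            return null; // BigInteger accepts a leading '-', the legacy encoder never emits one
        }
        byte[] raw = n.toByteArray(); // may carry an extra sign byte or be shorter than KEY_BYTES
        byte[] out = new byte[KEY_BYTES];
        int len = Math.min(raw.length, KEY_BYTES);
        System.arraycopy(raw, raw.length - len, out, KEY_BYTES - len, len);
        return out;
    }

    // True only if the candidate password reproduces the stored legacy hash.
    static boolean matches(char[] candidate, String salt, String storedHex)
            throws GeneralSecurityException {
        byte[] expected = decodeStored(storedHex);
        byte[] actual = derive(candidate, salt); // always derive, even for malformed records
        boolean ok = expected != null && MessageDigest.isEqual(expected, actual);
        Arrays.fill(actual, (byte) 0);
        return ok;
    }

    public static void main(String[] args) throws Exception {
        String salt = "constructed-salt";                // constructed sample value
        char[] password = "correct horse".toCharArray(); // constructed sample value
        // Stored value encoded the way the legacy hashPassword writes it.
        String stored = new BigInteger(1, derive(password, salt)).toString(16);
        System.out.println("stored length:    " + stored.length());
        System.out.println("right password:   " + matches(password, salt, stored));
        System.out.println("wrong password:   " + matches("guess".toCharArray(), salt, stored));
        System.out.println("malformed record: " + matches(password, salt, "not-hex"));
    }
}
```

<div>In the flow described in the thread, a true result from matches is the point at which the Keycloak password is set from the submitted credential and the federation link is then removed.</div>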