<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">The example omits securing the endpoints for simplicity demonstrating the concepts. I’d suggest using some type of security though on the legacy system if the endpoints are publicly accessible though.</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Scott</div><div class=""><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Scott Rossillo</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Smartling | Senior Software Engineer</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</div></div><br class=""><div><blockquote type="cite" class=""><div class="">On Feb 11, 2016, at 9:35 AM, Reed Lewis <<a href="mailto:RLewis@carbonite.com" class="">RLewis@carbonite.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">
<div class="">The endpoint that is used by the federation provider is only called from Keycloak, so you can run it on localhost on the keycloak machine if that is going to work for you.</div>
<div class=""><br class="">
</div>
<div class="">OTOH, if you need to run it on a different machine, you can lock down the endpoint to only be accessible from the Keycloak server.</div>
<div class=""><br class="">
</div>
<div class="">End users never call the endpoint I documented.</div>
<div class=""><br class="">
</div>
<div class="">Reed</div>
<div class="">
<div id="MAC_OUTLOOK_SIGNATURE" class=""></div>
</div>
</div>
<div class=""><br class="">
</div>
<span id="OLK_SRC_BODY_SECTION" class="">
<div style="font-family: Calibri; font-size: 12pt; text-align: left; border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-top-color: rgb(181, 196, 223);" class="">
<span style="font-weight:bold" class="">From: </span><<a href="mailto:darkness.renann@gmail.com" class="">darkness.renann@gmail.com</a>> on behalf of Renann Prado <<a href="mailto:prado.renann@gmail.com" class="">prado.renann@gmail.com</a>><br class="">
<span style="font-weight:bold" class="">Date: </span>Thursday, February 11, 2016 at 8:17 AM<br class="">
<span style="font-weight:bold" class="">To: </span>Reed Lewis <<a href="mailto:RLewis@carbonite.com" class="">RLewis@carbonite.com</a>><br class="">
<span style="font-weight:bold" class="">Cc: </span>"<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a>" <<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a>>, Stuart Jacobs <<a href="mailto:stuart.jacobs@symbiotics.co.za" class="">stuart.jacobs@symbiotics.co.za</a>><br class="">
<span style="font-weight:bold" class="">Subject: </span>Re: [keycloak-user] User-Federation<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><p dir="ltr" class="">Everyone*</p>
<div class="gmail_quote">On Feb 11, 2016 11:16, "Renann Prado" <<a href="mailto:prado.renann@gmail.com" class="">prado.renann@gmail.com</a>> wrote:<br type="attribution" class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr" class="">Is there any recommended way to make sure these endpoints won't be spammed by an attacker? Looks like these endpoints need to be open to anyone.</p><p dir="ltr" class="">Thanks</p>
<div class="gmail_quote">On Feb 3, 2016 11:18, "Reed Lewis" <<a href="mailto:RLewis@carbonite.com" target="_blank" class="">RLewis@carbonite.com</a>> wrote:<br type="attribution" class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap: break-word; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">
<div class="">If you use the federation provider listed here:</div>
<div class=""><br class="">
</div>
<div class="">
<div style="font-family:Calibri" class="">[0]: <a href="http://tech.smartling.com/migrate-to-keycloak-with-zero-downtime/" target="_blank" class="">http://tech.smartling.com/migrate-to-keycloak-with-zero-downtime/</a></div>
<div style="font-family:Calibri" class="">[1]: <a href="https://github.com/Smartling/keycloak-user-migration-provider" target="_blank" class="">https://github.com/Smartling/keycloak-user-migration-provider</a></div>
</div>
<div class=""><br class="">
</div>
<div class="">You can specify a URL that will be called when a user needs to be validated.</div>
<div class=""><br class="">
</div>
<div class="">There are three requests that need to be implemented in your sever.</div>
<div class=""><br class="">
</div>
<div class="">GET <baseURL>/api/users/<username>/</div>
<div class="">If the user exists, it should return a 200 with a json object with the return type “application/json” with the following fields:</div>
<div class="">username</div>
<div class="">email</div>
<div class="">emailVerified</div>
<div class="">
<div class=""></div>
</div>
</div>
<div class="">firstName</div>
<div class="">lastName</div>
<div class="">roles [“user”]</div>
<div class=""><br class="">
</div>
<div class="">If the user does not exist, return a 404 </div>
<div class=""><br class="">
</div>
<div class="">HEAD <baseURL>/api/users/<username>/</div>
<div class="">Always return 200</div>
<div class=""><br class="">
</div>
<div class="">POST <baseURL>/api/users/<username>/</div>
<div class="">The password is posted to you in a json object.</div>
<div class="">Return 200 if the password is OK, 401 if not. In both cases return no data.</div>
<div class=""><br class="">
</div>
<div class="">I wrote a small python module which implements these methods which works quite well.</div>
<div class=""><br class="">
</div>
<div class="">Reed</div>
<div class=""><br class="">
</div>
<span class="">
<div style="font-family: Calibri; font-size: 12pt; text-align: left; border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-top-color: rgb(181, 196, 223);" class="">
<span style="font-weight:bold" class="">From: </span><<a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank" class="">keycloak-user-bounces@lists.jboss.org</a>> on behalf of Stuart Jacobs <<a href="mailto:stuart.jacobs@symbiotics.co.za" target="_blank" class="">stuart.jacobs@symbiotics.co.za</a>><br class="">
<span style="font-weight:bold" class="">Date: </span>Wednesday, February 3, 2016 at 2:40 AM<br class="">
<span style="font-weight:bold" class="">To: </span>"<a href="mailto:keycloak-user@lists.jboss.org" target="_blank" class="">keycloak-user@lists.jboss.org</a>" <<a href="mailto:keycloak-user@lists.jboss.org" target="_blank" class="">keycloak-user@lists.jboss.org</a>><br class="">
<span style="font-weight:bold" class="">Subject: </span>[keycloak-user] User-Federation<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
<div dir="ltr" class="">Hi Everyone,
<div class=""><br class="">
</div>
<div class="">I have an application that runs on a postgresql database, keycloak has been configured and has created all the required tables/columns in my schema using liquibase on start up of the keycloak server.</div>
<div class=""><br class="">
</div>
<div class="">I need to authenticate users using the projects existing user table obtaining the username and password from this table.</div>
<div class=""><br class="">
</div>
<div class="">I have had a look at the federation provider project under the example projects but this still eludes me as to how I change the keycloak mapping to use my own tables in postgress?</div>
<div class=""><br class="">
</div>
<div class="">Can someone please point me in the right direction or if someone has implemented such a solution please share how you have done it?</div>
<div class=""><br class="">
</div>
<div class="">Thanks everyone. <br clear="all" class="">
<div class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class=""><br class="">
Regards,<br class="">
</div>
Stuart Jacobs</div>
<div dir="ltr" class=""><br class="">
</div>
<div dir="ltr" class=""><br class="">
<br class="">
<br class="">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
<img src="http://symbiotics.co.za/website/image/ir.attachment/1578_e14aa73/datas" height="56" width="200" class=""><br class="">
<br class="">
<a href="http://www.symbiotics.co.za/" target="_blank" class="">www.symbiotics.co.za</a><br class="">
********************************************************************************<br class="">
This email and any accompanying attachments may contain confidential and proprietary information. This information is private and protected by law and, accordingly, if you are not the intended recipient, you are requested to delete this entire communication
immediately and are notified that any disclosure, copying or distribution of or taking any action based on this information is prohibited.
<br class="">
<br class="">
Emails cannot be guaranteed to be secure or free of errors or viruses. The sender does not accept any liability or responsibility for any interception, corruption, destruction, loss, late arrival or incompleteness of or tampering or interference with any of
the information contained in this email or for its incorrect delivery or non-delivery for whatsoever reason or for its effect on any electronic device of the recipient.
<br class="">
<br class="">
******************************************************************************** </div>
</div>
</span></div>
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</span>
</div>
_______________________________________________<br class="">keycloak-user mailing list<br class=""><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</div></blockquote></div><br class=""></div></body></html>