<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Well, userFederation also supports
"registration" from keycloak to federationStorage. We use it for
writable-LDAP federationProvider (new user registered in Keycloak
is immediately added to LDAP too). Also the federation example is
showing it - if you look at
"examples/providers/federation-provider" then you see that <span
style="background-color:#e4e4ff;">ClasspathPropertiesFederationProvider
doesn't support registration of new users, but </span><span
style="background-color:#e4e4ff;">FilePropertiesFederationFactory</span><span
style="background-color:#e4e4ff;"></span> supports that. <br>
<br>
If you want to go this way, you just need to:<br>
- ensure that YourUserFederationProvider.synchronizeRegistrations
returns "true"<br>
- <span style="background-color:#e4e4ff;">then in
YourUserFederationProvider.register you can implement saving
your user to your federationStorage. Note that at this point,
you have just user with username and ID available. If you want
to sync more attributes to your storage (ie. email, firstName,
lastName, passwords etc) you will need to return "proxy"
UserModel object, where you override some setter methods and
always when setter is called, you will sync changes to your
storage too. In the example you can see WritableUserModelProxy,
which supports updating passwords. <br>
<br>
We have some room to improve the registration use case though.
Ideally to have possibility to just send single request to
federationStorage during registering new user or during update
(this is already possible with current federationProvider API,
but cumbersome)... Also possibility to "bulk" sync keycloak
users to federationStorage. We plan to improve user federation
SPI for Keycloak 2.0 though.<br>
<br>
<br>
Marek</span>
<br>
<br>
On 04/05/16 13:33, Stian Thorgersen wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAcQQ9LhsKSxpEGT1M+eSXhTFHUQg+FKH5y1FvArNFn1fw@mail.gmail.com"
type="cite">
<div dir="ltr">Adding list back
<div><br>
</div>
<div>For your use-case user federation is not the way to go. As
I said it's been designed to pull users from an external
datasource into Keycloak, not to sync users into your
application.</div>
<div><br>
</div>
<div>You have two options really:</div>
<div><br>
</div>
<div>a) Add users when they log in to your application. All the
details you need about the user can be added to the token and
you should only store what your application needs when the
user is not around, the rest you can retrieve from the token.
This is the simplest and I'd recommend this</div>
<div>b) Add an event listener that notifies your application
when new users register (if you have registration enabled) and
when admins create users<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 4 May 2016 at 09:44, Juan Diego <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:juandiego83@gmail.com" target="_blank">juandiego83@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">It is more a question of design, I think. I
have my app with its own database, it has a table users
with a relation one to many to another table let's call it
songs. The only reason I have the table users in my app
is because I need a way to know which songs belong to my
users. I am using keycloak to manage my login. <br>
I asked a while ago how people handle this and someone
referred to custom federation providers. <br>
My question is really regarding how to handle the
relations of your data when you have your users in a
different database from the rest of your data. </p>
<p dir="ltr">So far I can only think of 3 ways to solve this<br>
1) providers syncing users from keycloak to my database
replicating user ID. I managed to make this work on my
provider at the end, before you told me providers are not
meant for this. <br>
2) managing users in my own app. By this I mean I
wouldn't use keycloak web interface to create or delete
users. I have a form to create users in my app, and when
I save the data it connects to keycloak's rest api,
creates a user, and if it works it copies username, email and
the Id generated by keycloak to my local table users<br>
3) adding users in keycloak first, then if they are logging in for
the first time add the user to the database </p>
<p dir="ltr">So far I was doing the 2nd option, it seems the
best suited. Is there another way to maintain data
relation with keycloak?</p>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_quote">On May 4, 2016 1:08 AM, "Stian
Thorgersen" <<a moz-do-not-send="true"
href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Not sure I'm following. Keycloak can
sync users created from your database, but it
can't write users back. New users created in
Keycloak directly are only stored in Keycloak's
database.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 29 April 2016 at
23:52, Juan Diego <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:juandiego83@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:juandiego83@gmail.com">juandiego83@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">So the recommended way would be
to create my own user administrator and when
I create a user it will create a user on
keycloak via keycloak's rest api.
<div>
<div><br>
<br>
<br>
<div>
<div class="gmail_extra">
<div class="gmail_quote">On Thu, Apr
28, 2016 at 11:21 PM, Stian
Thorgersen <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sthorger@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sthorger@redhat.com">sthorger@redhat.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">User federation
isn't designed to push users
created in Keycloak to the
database. It only supports
syncing users that are created
in the database.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div>On 27 April 2016 at
18:55, Juan Diego <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:juandiego83@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:juandiego83@gmail.com">juandiego83@gmail.com</a></a>></span>
wrote:<br>
</div>
</div>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>I was
checking the
example for
federation-properties-example.
In both
examples when
you sync all
users, it just
checks for the
users in the
properties
file and adds
it to keycloak
if it doesn't
exist.<br>
</div>
If I want to do
it both ways, so
it adds users
from keycloak to
my database, and
users from my
database to
keycloak.
Should I add
them here? I am
not managing any
password on my
database, so I
just need user
id and username
and maybe email.<br>
<br>
</div>
Also when I add a
new user I can
tell that
synchronizeRegistrations()
is being called
but it is null.
In order to create
a new user in my
database, should I
call a create user
function to my
database here.<br>
<br>
</div>
Thanks,<br>
<br>
<br>
</div>
<br>
</div>
</div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
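<p>An added example, not code from this thread or from the Keycloak project: a dependency-free Java model of the registration flow Marek describes at the top of the thread (synchronizeRegistrations returns true, register saves the ID and username, and a proxy user writes later setter calls through to the federationStorage). The types User, LocalUser and WriteThroughUser and the in-memory storage map are hypothetical stand-ins for Keycloak's UserModel and a real external store; only the method names synchronizeRegistrations and register come from the thread.</p>

```java
import java.util.HashMap;
import java.util.Map;
public class RegistrationSyncDemo {
    // Hypothetical, cut-down stand-in for Keycloak's UserModel (the real type has many more methods).
    interface User {
        String getId();
        String getUsername();
        void setEmail(String email);
    }

    // Plays the role of the user record Keycloak keeps in its own database.
    static class LocalUser implements User {
        private final String id, username;
        private String email;
        LocalUser(String id, String username) { this.id = id; this.username = username; }
        public String getId() { return id; }
        public String getUsername() { return username; }
        public void setEmail(String email) { this.email = email; }
    }

    // Constructed in-memory federationStorage: user ID -> attributes.
    static final Map<String, Map<String, String>> storage = new HashMap<>();
    static void store(String id, String key, String value) {
        storage.computeIfAbsent(id, k -> new HashMap<>()).put(key, value);
    }

    // Proxy returned from register(): each setter updates Keycloak's copy, then the storage.
    static class WriteThroughUser implements User {
        private final User delegate;
        WriteThroughUser(User delegate) { this.delegate = delegate; }
        public String getId() { return delegate.getId(); }
        public String getUsername() { return delegate.getUsername(); }
        public void setEmail(String email) { delegate.setEmail(email); store(getId(), "email", email); }
    }

    static boolean synchronizeRegistrations() { return true; } // opt in to registration sync
    // Only the ID and username exist at this point, so that is all register() can save.
    static User register(User user) {
        store(user.getId(), "username", user.getUsername());
        return new WriteThroughUser(user);
    }

    public static void main(String[] args) {
        if (!synchronizeRegistrations()) return;
        User proxied = register(new LocalUser("constructed-id-1", "alice")); // constructed sample user
        proxied.setEmail("alice@example.org"); // a later profile update flows through the proxy
        System.out.println(storage);
    }
}
```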
</body>
</html>