<div dir="ltr">I see now I am doing it wrong, and should stop doing it wrong ;] The <font face="monospace, monospace">/admin/realms/{realm}/partialImport</font> endpoint does not seem to accommodate importing user federation providers, but the runtime option <font face="monospace, monospace">-Dkeycloak.migration.action=import</font> does.<div><br></div><div>Great software!</div><div><br></div><div>Thanks again.</div><div>-John Bartko</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 24, 2016 at 1:43 PM, John Bartko <span dir="ltr"><<a href="mailto:john.bartko@drillinginfo.com" target="_blank">john.bartko@drillinginfo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thank you for taking the time to respond. Let me see if I can outline steps to reproduce:<div><br><div><ol><li>Run a DB and Keycloak container:<br><br><font face="monospace, monospace">docker run --name postgres -e POSTGRES_DATABASE=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password -e POSTGRES_ROOT_PASSWORD=root_<wbr>password -d postgres</font><br><br><font face="monospace, monospace">docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres</font><br><br></li><li>Log in to admin web UI and make both a client and a LDAP user federation provider.<br><br></li><li>Ctrl+C to stop the keycloak container<br><br></li><li>Start a container connected to the same database for export:<br><br><font face="monospace, monospace">mkdir /opt/keycloak_export <br>chmod 0777 /opt/keycloak_export<br><br>docker run --rm --name keycloak_exporter --link postgres:postgres -v /opt/keycloak_export:/opt/<wbr>jboss/export jboss/keycloak-postgres -Dkeycloak.migration.action=<wbr>export -Dkeycloak.migration.provider=<wbr>dir -Dkeycloak.migration.dir=/opt/<wbr>jboss/export</font><br><br></li><li>Ctrl+C to stop the keycloak_exporter container.<br><br></li><li>Copy the realm export at /opt/keycloak_export/<wbr>master-realm.json to your workstation. The export should contain a populated userFederationProviders key:<br><br><font face="monospace, monospace">jq '.userFederationProviders' /opt/keycloak_export/master-<wbr>realm.json</font><br><br></li><li>Destroy the DB and start from a blank slate:<br><br><font face="monospace, monospace">docker rm -f postgres<br><br>docker run --name postgres -e POSTGRES_DATABASE=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password -e POSTGRES_ROOT_PASSWORD=root_<wbr>password -d postgres<br><br>docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres</font><br><br></li><li>Log in to admin web UI and import the contents of master-realm.json<br><br></li><li>Result: the client is imported but the LDAP user federation provider is not.</li></ol><div>Is the import supposed to also pick up the user federation provider?</div></div></div><div><br></div><div>Thanks,</div><div>-John Bartko</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 24, 2016 at 1:35 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Btv. can't it be that you are exporting
different realm that when you have ldap federationProvider
configured?<span><font color="#888888"><br>
<br>
Marek</font></span><div><div><br>
<br>
On 24/08/16 08:34, Marek Posolda wrote:<br>
</div></div></div><div><div>
<blockquote type="cite">
<div>I am not 100% sure what exactly are
you doing. Are you able to have LDAP example up and running if
you exactly follow the steps in README <a href="https://github.com/keycloak/keycloak/blob/master/examples/ldap/README.md" target="_blank"></a><a href="https://github.com/keycloak/keycloak/blob/master/examples/ldap/README.md" target="_blank">https://github.com/keycloak/ke<wbr>ycloak/blob/master/examples/ld<wbr>ap/README.md</a>
?<br>
<br>
Or are you creating realm representation by hand? Instead of
creating by hand, we have possibility for export/import, which
is exactly for the use-case for migration between different envs
- <a href="https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.1/topics/export-import.html" target="_blank">https://keycloak.gitbooks.io/s<wbr>erver-adminstration-guide/cont<wbr>ent/v/2.1/topics/export-import<wbr>.html</a>
<br>
<br>
Marek<br>
<br>
On 24/08/16 00:10, John Bartko wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello all,
<div><br>
</div>
<div>I am attempting export user federation providers and
import them into a different Keycloak instance. The <a href="https://github.com/keycloak/keycloak/blob/master/examples/ldap/ldaprealm.json#L126-L152" target="_blank">ldap
example realm export</a> *looks* like the web admin UI
import can do what I need. After importing (<a href="https://github.com/keycloak/keycloak/tree/master/examples/ldap#keycloak-example---ldap" target="_blank">step
3 in the example's readme</a>) there are still no user
federation providers configured nor any indication of an
error.</div>
<div><br>
</div>
<div>Similarly, when doing an export at WildFly server boot on
a Keycloak instance with user federation configured, I do
not see any trace of the provider in the export.</div>
<div><br>
</div>
<div>Partial import of clients works fine. Is this the right
way to go about persisting realm configuration across
deploys/environments?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>-John Bartko</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>