On 18 August 2016 at 20:30, Bill Burke <bburke@redhat.com> wrote:

On 8/18/16 4:59 AM, Stian Thorgersen wrote:
> Bill,
>
> Are you planning to have an option to allow import of users with the
> new user federation SPI? I'm not convinced we should completely remove
> this option.
>

The only callback that does not exist in the new SPI is
validateAndProxy().  With the current federation SPI, the developer
implements everything themselves for import.  There are no
synchronization APIs/SPIs either.

> Some use-cases I could imagine:
>
> * Allow users to authenticate even if LDAP server is down

Our current LDAP provider will not work if LDAP is down, even with the
import :)


> * Allow migrating users away from LDAP

We can do anything we want for our LDAP implementation.  This doesn't
mean that the SPI should have special support methods and interfaces for
synchronization and import.

I'd say migrating from one provider to the built-in provider (or even a different provider) is something that shouldn't be done by the provider itself, but rather by some sort of migration manager util.
 

Bill

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev