Hi,
I use a similar approach, and the problem is (at least I think) that the local DB
transaction is already committed when our code runs. It has two negative
effects:
- if the remote service call is successful, you are not able to write
anything locally, as Jorge mentioned
- if the remote service call fails, the local DB record is committed already and
it is hard to implement correct error handling
So I think the User Federation SPI should be extended by an exact method which
allows an atomic call of the backend during user creation or update, before
the local transaction is committed. I already created an issue for it, but it is not
resolved yet
https://issues.jboss.org/browse/KEYCLOAK-1075
Vlastimil
On 10.12.2015 18:49, Jorge M. wrote:
Hi,
I think I'm on the right track now. I'm able to call the
webservice before commit. However, when the user is successfully
created by the webservice, I need to update my local user to add a
property with the external user id. How can I do that in the same
transaction?
I'm trying to set the property on the managed delegate user model, but
it has no effect.
Thank you!
On 9 Dec 2015 18:39, "Marek Posolda" <mposolda(a)redhat.com> wrote:
On 09/12/15 19:33, Jorge M. wrote:
>
> I'm developing a custom federation that communicates with my user
> repository via webservices.
> Probably this is a very strange scenario for a federation but
> that's the unique way that I have to communicate with the repository.
>
> My problem is that, as the webservices only expose methods such
> as createUser and updateUser, I'm having problems with
> registrations and user profile updates because I'm not able
> to do atomic calls to the webservice methods, with all the
> information that I need.
>
> As far as I know, from the properties file example and from the
> ldap federation source (probably I'm missing something) it seems
> that the federation api is intended to update and sync attribute
> by attribute (Keycloak <-> Federation).
> Am I wrong? Do you suggest another approach? Should I give up
> on having a federation that uses a webservice?
>
You can use a "transaction wrapper", which will allow you to store
all the updates to the user locally, but send the UPDATE request to
your webservice later at transaction commit time. You may need to
create a custom transaction and enlist it with the Keycloak
TransactionManager.
This is what we have for the LDAP federation provider right now. See
TxAwareLDAPUserModelDelegate.
Marek
>
> Thank you.
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team
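
A sketch of the commit-time batching Marek describes, with the ordering concern Vlastimil raises made explicit. This is an added example, not code from the thread or from Keycloak: `Tx`, `TxManager`, `RemoteUsers`, `BufferedRemoteUpdate` and `LocalDb` are stand-ins invented here, and the manager's in-order commit is an assumption of the sketch.

```java
import java.util.*;

// Added illustration: every type below is a stand-in written for this example, not a Keycloak class.
public class DeferredFederationUpdate {
    interface Tx { void commit() throws Exception; void rollback(); }
    interface RemoteUsers { void updateUser(String id, Map<String, String> attrs) throws Exception; }

    // Commits enlisted transactions in order; on the first failure, rolls back
    // the failed one and everything not yet committed (assumed behaviour).
    static class TxManager {
        private final List<Tx> enlisted = new ArrayList<>();
        void enlist(Tx tx) { enlisted.add(tx); }
        boolean commit() {
            for (int i = 0; i < enlisted.size(); i++) {
                try { enlisted.get(i).commit(); }
                catch (Exception e) {
                    for (int j = i; j < enlisted.size(); j++) enlisted.get(j).rollback();
                    return false;
                }
            }
            return true;
        }
    }

    // Buffers per-attribute setter calls and sends them as one updateUser call at commit time.
    static class BufferedRemoteUpdate implements Tx {
        private final RemoteUsers remote; private final String userId;
        private final Map<String, String> pending = new LinkedHashMap<>();
        BufferedRemoteUpdate(RemoteUsers remote, String userId) { this.remote = remote; this.userId = userId; }
        void setAttribute(String name, String value) { pending.put(name, value); }
        public void commit() throws Exception { if (!pending.isEmpty()) remote.updateUser(userId, pending); }
        public void rollback() { pending.clear(); }
    }

    static class LocalDb implements Tx {
        boolean committed;
        public void commit() { committed = true; }
        public void rollback() { committed = false; }
    }

    public static void main(String[] args) {
        for (boolean remoteUp : new boolean[] { true, false }) {
            TxManager tm = new TxManager();
            LocalDb local = new LocalDb();
            BufferedRemoteUpdate upd = new BufferedRemoteUpdate((id, attrs) -> {
                if (!remoteUp) throw new Exception("webservice unavailable");
                System.out.println("updateUser(" + id + ", " + attrs + ")");
            }, "jorge"); // constructed sample user
            tm.enlist(upd);   // remote call runs first, so a failure can still abort the local write
            tm.enlist(local);
            upd.setAttribute("email", "j@example.org");
            upd.setAttribute("firstName", "Jorge");
            System.out.println("remoteUp=" + remoteUp + " committed=" + tm.commit()
                    + " localWritten=" + local.committed);
        }
    }
}
```

If the two `enlist` calls are swapped, the failing run leaves `localWritten=true` with no remote record, which is the inconsistent state described at the top of the thread.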