I agree. I think that could solve these issues. Is that something that can
go on a near release?
Thank yoy
On 11 Dec 2015 12:15, "Vlastimil Elias" <velias(a)redhat.com> wrote:
On 11.12.2015 12:19, Marek Posolda wrote:
I think what we can possibly do is:
1) Improve KeycloakTransactionManager to allow enlist with "priority" .
Instead of methods:
void enlist(KeycloakTransaction transaction);
void enlistAfterCompletion(KeycloakTransaction transaction);
we will have single method:
void enlist(KeycloakTransaction transaction, int priority);
By default, JPA will enlist transaction with priority 10 and infinispan
with priority 20 or something like that.
This change will allow to enlist your transaction in your
FederationProvider with exact priority. So you can choose whether the
commit will happen before JPA commit, or after JPA commit or even after
infinispan commit etc.
+1, this may help to resolve current problems
2) Make TxAwareLDAPUserModelDelegate class more generic and reusable for
other federation providers
may also help, but point 1 with correct documentation is main what we have
to do
Thanks
Vlastimil
Marek
On 11/12/15 10:50, Vlastimil Elias wrote:
Hi,
I use similar approach and problem is (at least I think) that local DB
transaction is already commited when our code runs. It has two negative
effects:
- if remote service call is successful you are not able to write anything
locally as Jorge mentioned
- if remote service call fails local DB record is commited already and it
is hard to implement correct error handling
So I think User Federation SPI should be extended by exact method which
allows atomic call of backend during user creation or update before local
transaction is commited. I already created issue for it but not resolved
yet
https://issues.jboss.org/browse/KEYCLOAK-1075
Vlastimil
On 10.12.2015 18:49, Jorge M. wrote:
Hi,
I think I'm in the right track now. I'm being able to call the webservice
before commit. However, when the user is sucessfully created by the
webservice, I need to update my local user to add a property with the
external user id. How can I do that in the same transaction?
I'm trying to set the property on the managed delegate user model, but it
has no effect.
Thank you!
On 9 Dec 2015 18:39, "Marek Posolda" <mposolda(a)redhat.com> wrote:
> On 09/12/15 19:33, Jorge M. wrote:
>
> I'm developing a custom federation that communicates with my user
> repository via webservices.
> Probably this is a very strange scenario for a federation but that's the
> unique way that I have to communicate with the repository.
>
> My problem is that, as the webservices only exposes methods such as
> createUser and updateUser, I'm having problems with registrations and user
> profile updates because I'm not being able to do atomic calls to the
> webservice methods, with all the information that I need.
>
> As far as I know, from the properties file example and from the ldap
> federation source (probably I'm missing something) it seems that the
> federation api is intended to update and sync attribute by attribute
> (Keycloak <-> Federation).
> Am i wrong? Do you suggest another approach? Should I give up from having
> a federation that uses a webservice?
>
> You can use "transaction wrapper", which will allow you to store all the
> updates to user locally, but send the UPDATE request to your webservice
> later at transaction commit time. You may need to create custom transaction
> and enlist it with Keycloak TransactionManager.
>
> This is what we have for LDAP federation provider right now. See
> TxAwareLDAPUserModelDelegate.
>
> Marek
>
> Thank you.
>
>
> _______________________________________________
> keycloak-dev mailing
listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
_______________________________________________
keycloak-dev mailing
listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team
_______________________________________________
keycloak-dev mailing
listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev