On 17.1.2015 18:43, James Scicluna wrote:

Hello Keycloak Team,

at Medeo we are currently evaluating the possibility of using Keycloak as our authorization provider. In particular we are very excited about the comprehensive feature set that Keycloak offers.

Our users (and authorization) are currently handled by our main application but we want to move them out to a separate authorization provider for SSO. So far we thought about doing this in two ways:

- replicate our database, connect it to Keycloak and implement the matching hashing algorithms for user passwords

- federate the users to our existing database

Are these two plausible solutions? And, are there any other possible solutions?

Yes, I would probably go with the second approach . You can implement your own UserFederationProvider and point it to your database: http://docs.jboss.org/keycloak/docs/1.1.0.Beta2/userguide/html/user_federation.html . Then you can import your users either "on demand" (at the point they authenticate or someone search for them from keycloak admin console) or sync them all at once.

Marek

Thank you

--

James Scicluna

SOFTWARE ENGINEER

Stay Healthy.

@medeo

Office +1 888-297-2973

Fax +1 604-608-9761

For Health Providers medeohealth.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev