Import was really mostly targeted to migration or our demos or the
testsuite.
For migration, you would be importing a previous export of the local
keycloak storage and thus would not want to go through federation.
I guess import would need a switch on whether if it is an import into
local keycloak storage only or not?
On 10/16/2015 9:33 AM, Stan Silvert wrote:
Hmm. Sounds like during import we are making some assumptions about
how
the import file was created.
Like I said, when you import a realm from the admin console today it
uses session.userStorage().addUser(). So someone using this feature
should be aware that anything imported will not be federated. (If I
understand correctly)
Is that OK?
Is it OK going forward for partial imports? No federation?
On 10/16/2015 2:45 AM, Marek Posolda wrote:
> The session.userStorage().addUser() adds user directly to KC
> persistent storage (JPA, Mongo) and bypasses federation.
>
> When you're creating new user through Keycloak somehow (for example in
> admin console or during user registration), there is need to use
> "session.users().addUser()", so the user is propagated to federation
> storage as well. For example, if you have configured LDAP federation
> provider with WRITE editMode, the user will be created to LDAP as well
> in addition to Keycloak database. However during import, user usually
> already exists in LDAP as he was exported from previous environment.
>
> It's bit similar for example for default roles. When you create new
> user in admin console/registration, default roles are added to him.
> However during import, they are not as the user is supposed to have
> them already from previously exported DB.
>
> Marek
>
> On 15/10/15 23:28, Stan Silvert wrote:
>> Looks like import realm is using the same method so I guess it's OK. It
>> would still be interesting to know a bit about the effect of calling
>> session.userStorage().addUser() versus session.users().addUser(). We are
>> just relying on the provider settings to sync federated users?
>>
>> On 10/15/2015 5:07 PM, Stan Silvert wrote:
>>> I'm implementing import users from the admin console. I'd like to
use
>>> this method to create each user:
>>>
https://github.com/keycloak/keycloak/blob/master/model/api/src/main/java/...
>>>
>>>
>>> But I'm not sure of the effect since this method uses
>>> session.userStorage().addUser() instead of session.users().addUser().
>>>
>>> Anyone care to enlighten me?
>>>
>>> Stan
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev