You can use option 1. Create your own user provider; inside the provider,
look up the JPA provider and delegate to that, but create a wrapper that
encrypts/decrypts the personal details.
Just to point out that the User SPI is currently being reworked and you
would most likely have to do some refactoring once it is ready, which
should be in a month or two.
On 23 June 2016 at 20:35, Aaron Harnly <aharnly(a)amplify.com> wrote:
Hi there,
I'm on Day 1 of looking at Keycloak, although some colleagues have been
using it successfully. Please forgive the naiveté of the question, but I'd
love confirmation that I'm on the right track.
I'd like to ensure that user email addresses, names, and usernames are
encrypted by the Keycloak application before persisting to a relational
store.
org.keycloak.models.jpa.entities.UserEntity is pretty obviously the place
to do that – the natural question is, what is the best way for me to
provide a slightly customized UserEntity.java in which I can do my desired
encryption/decryption?
My initial scan of docs and repo suggests one of the following:
1) Create a UserProvider analogous to the JpaUserProvider, but with my own
UserEntity subclass.
2) If needed, follow the approach described in this thread[1] from
November to implement a custom Hibernate EntityManager, but I don't think
that's necessary for my case, and don't yet fully understand that.
3) Something else.
[1]
http://lists.jboss.org/pipermail/keycloak-dev/2015-November/005745.html
Thoughts or advice appreciated!
Aaron
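
The wrapper-and-delegate approach suggested in the reply, shown as an added Java example (not code from this thread or from Keycloak). Assumptions: `UserStore` is a hypothetical two-method stand-in for the delegate, not Keycloak's UserProvider SPI; AES-256-GCM with the user id as associated data is this example's choice; the key is generated in-process only so the demo runs offline.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class EncryptingStoreDemo {
    interface UserStore { // hypothetical stand-in for the delegate, NOT Keycloak's UserProvider
        void setEmail(String userId, String email) throws GeneralSecurityException;
        String getEmail(String userId) throws GeneralSecurityException;
    }
    static class EncryptingUserStore implements UserStore { // encrypt on write, decrypt on read
        private static final SecureRandom RNG = new SecureRandom();
        private final UserStore delegate;
        private final SecretKey key;
        EncryptingUserStore(UserStore d, SecretKey k) { delegate = d; key = k; }
        private Cipher gcm(int mode, byte[] iv, String userId) throws GeneralSecurityException {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, key, new GCMParameterSpec(128, iv));
            c.updateAAD(userId.getBytes(StandardCharsets.UTF_8)); // bind value to its user row
            return c;
        }
        public void setEmail(String userId, String email) throws GeneralSecurityException {
            byte[] iv = new byte[12];                    // fresh 96-bit nonce per stored value
            RNG.nextBytes(iv);
            byte[] ct = gcm(Cipher.ENCRYPT_MODE, iv, userId).doFinal(email.getBytes(StandardCharsets.UTF_8));
            byte[] out = ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
            delegate.setEmail(userId, Base64.getEncoder().encodeToString(out)); // delegate sees ciphertext only
        }
        public String getEmail(String userId) throws GeneralSecurityException {
            byte[] in = Base64.getDecoder().decode(delegate.getEmail(userId));
            Cipher c = gcm(Cipher.DECRYPT_MODE, Arrays.copyOf(in, 12), userId);
            return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
        }
    }
    public static void main(String[] args) throws Exception {
        Map<String, String> rows = new HashMap<>();      // constructed in-memory "table"
        UserStore plain = new UserStore() {
            public void setEmail(String id, String v) { rows.put(id, v); }
            public String getEmail(String id) { return rows.get(id); }
        };
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        UserStore store = new EncryptingUserStore(plain, kg.generateKey());
        store.setEmail("u1", "alice@example.test");      // constructed sample value
        System.out.println("stored: " + rows.get("u1") + "\nread:   " + store.getEmail("u1"));
    }
}
```

Because each value gets a random nonce, the same email encrypts to a different ciphertext every time, so equality lookups by email or username against the stored column no longer match and need separate handling.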