8:39 a.m.
Alright then.
I guess I should alter the dependencies in pom.xml then, I just thought
that there was another way defined, perhaps on a different layer, and that
not having access to Persistence in this layer was because it was defined
this way.
But that sounds simple enough, thank you for your help!
On Thu, May 22, 2014 at 10:30 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
Add a persistence-unit for it to:
*
standalone/deployments/auth-server.war/WEB-INF/classes/META-INF/persistence.xml
Then use Persistence.createEntityManagerFactory(name) in
AuthenticationProviderFactory.init, and create a new EntityManager in
AuthenticationProviderFactory.init and pass into AuthenticationProvider.
----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
> To: "Marek Posolda" <mposolda(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Thursday, 22 May, 2014 2:20:39 PM
> Subject: Re: [keycloak-user] Migrating Users Database
>
> Hmm, I see..
>
> In that case, since I'm using JPA, what would be the best way for me to
get
> access to an EntityManager on my implementation of the
> AuthenticationProvider?
>
>
> On Mon, May 19, 2014 at 5:20 PM, Marek Posolda < mposolda(a)redhat.com >
wrote:
>
>
>
> Hi Rodrigo,
>
> it's not "Settings and Authentication", but it's tab
"Settings" and then
top
> bar called "Authentication" inside it. It will be opened if you login to
> admin console and then open URL:
> http://localhost:8081/auth/admin/#/realms/keycloak-admin (Replace
> 'keycloak-admin' with name of your realm, for example 'test'). Once
you
open
> it, you can click to button "Add provider" and your provider should be
> available in the list of available authentication providers.
>
> For the inspiration, you can take a look at the existing
implementations, for
> example this one:
>
https://github.com/keycloak/keycloak/tree/master/authentication/authentic...
> and it's configuration in file:
>
https://github.com/keycloak/keycloak/blob/master/authentication/authentic...
> . Note that it's using standard java ServiceLoader mechanism described
here
> - http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html
>
> You don't need implement RealmAdapter . RealmAdapter is not related to
> authentication SPI. It's implementation of interface RealmModel, which is
> part of model-api. You need to implement model-api just in case that you
> want to create your own storage for all keycloak data, but implementing
> whole model-api is much more complicated and challenging than
implementation
> of authentication-api.
>
> So in shortcut, you need to implement AuthenticationProvider interface,
which
> will be able to read data from your internal database.
>
> Marek
>
>
> On 19.5.2014 18:05, Rodrigo Sasaki wrote:
>
>
>
> I have done most of what you mentioned, although I didn't find the
"Settings
> and Authentication" part on the Realm Settings. I couldn't add the new
> provider to it like you said, and the version I'm using is the one
available
> on the github repo.
>
> Also I saw that I should probably implement a RealmAdapter aswell, to
provide
> access to my table structure, is that correct? If so, how should I
configure
> Keycloak to use my adapter to find users, and not it's default one? Or at
> least not only it's default one
>
>
> On Fri, May 16, 2014 at 4:50 AM, Stian Thorgersen < stian(a)redhat.com >
wrote:
>
>
>
> We will add some documentation to this soon, but you basically need to:
>
> - Implement
>
https://github.com/keycloak/keycloak/blob/master/authentication/authentic...
> - Implement
>
https://github.com/keycloak/keycloak/blob/master/authentication/authentic...
> - Add a
>
'META-INF/services/org.keycloak.authentication.AuthenticationProviderFactory'
> that contains the fully qualified name of your
AuthenticationProviderFactory
> implementation
>
> Build as a JAR and drop into
> keycloak/standalone/deployments/auth-server.war/WEB-INF/lib.
>
> Start the server, open the admin console, navigate to realm settings and
> authentication. Click Add Provider and it should now have your new
provider.
> Add it to the realm.
>
> It will now use your provider to authenticate users.
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki" < rodrigopsasaki(a)gmail.com >
> > To: "Bill Burke" < bburke(a)redhat.com >
> > Cc: keycloak-user(a)lists.jboss.org
> > Sent: Thursday, 15 May, 2014 7:30:00 PM
> > Subject: Re: [keycloak-user] Migrating Users Database
> >
> > By the way, do you have further information regarding that SPI you
> > mentioned?
> >
> > I was looking at the source code but I couldn't derive much from it, I
> > don't
> > know exactly how I should implement my own provider, and how do I tell
> > keycloak to use mine instead of its own.
> >
> >
> > On Thu, May 15, 2014 at 11:05 AM, Rodrigo Sasaki <
rodrigopsasaki(a)gmail.com
> > >
> > wrote:
> >
> >
> >
> > That's quite alright at the moment.
> >
> > We have seen the roadmap and if it stays around the announced dates,
there
> > shouldn't be a problem for us here.
> >
> >
> > On Thu, May 15, 2014 at 11:03 AM, Bill Burke < bburke(a)redhat.com >
wrote:
> >
> >
> > FYI, Keycloak will be very slow until we start our performance work
> > (scheduled for Beta-2). Right now, every login/logout/token action is
> > all DB hits. We don't cache anything at the moment!
> >
> > On 5/15/2014 7:02 AM, Rodrigo Sasaki wrote:
> > > I am very interested in importing the whole database. It seems to be
the
> > > cleanest way to do what we want to do here, and migrate to keycloak
> > > completely.
> > >
> > > Are there any guidelines on how to do this? Nonetheless I will look
into
> > > the SPI you mentioned, might come in handy sometime.
> > >
> > >
> > > On Thu, May 15, 2014 at 5:13 AM, Stian Thorgersen < stian(a)redhat.com
> > > <mailto: stian(a)redhat.com >> wrote:
> > >
> > > At the moment we have an Authentication SPI that will let you easily
> > > authenticate users with your existing database of users. The first
> > > time a new user logs in using this approach a user will be pulled in
> > > to the Keycloak database. There's no documentation for this feature
> > > yet, but look at the SPI at
> > >
https://github.com/keycloak/keycloak/tree/master/authentication/authentic...
> > > and the implementation that uses the Keycloak model itself to
> > > authenticate at
> > >
https://github.com/keycloak/keycloak/tree/master/authentication/authentic...
> > > .
> > >
> > > In the future we plan to provide a Sync SPI that will take this one
> > > step further and let you sync users (and roles) to/from an existing
> > > database.
> > >
> > > However, if you plan to completely replace your current
> > > authentication system the cleanest solution may be to import your
> > > current user database into Keycloak once and for all. If you're
> > > interested in this approach let me know.
> > >
> > > ----- Original Message -----
> > > > From: "Rodrigo Sasaki" < rodrigopsasaki(a)gmail.com
> > > <mailto: rodrigopsasaki(a)gmail.com >>
> > > > To: keycloak-user(a)lists.jboss.org
> > > <mailto: keycloak-user(a)lists.jboss.org >
> > > > Sent: Wednesday, 14 May, 2014 8:52:07 PM
> > > > Subject: [keycloak-user] Migrating Users Database
> > > >
> > > > Hi,
> > > >
> > > > I'm trying to replace my current authentication system with
> > > Keycloak, but I
> > > > have one problem. I already have a database of users, populated
with
> > > > millions of records, and I wanted to make it work with Keycloak.
> > > >
> > > > What would be the best approach on this scenario? Should I
> > > migrate everything
> > > > to the Keycloak tables, or try to make Keycloak understand my
current
> > > > database?
> > > >
> > > > Is there any recommendation on this matter? And if there is, some
> > > explanation
> > > > or documentation?
> > > >
> > > > Thanks!
> > > >
> > > > --
> > > > Rodrigo Sasaki
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user(a)lists.jboss.org <mailto:
keycloak-user(a)lists.jboss.org >
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >admin
>
> >
> > --
> > Rodrigo Sasaki
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> --
> Rodrigo Sasaki
>
>
> _______________________________________________
> keycloak-user mailing list keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> --
> Rodrigo Sasaki
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rodrigo Sasaki