I see now I am doing it wrong, and should stop doing it wrong ;] The /admin/realms/{realm}/partialImport endpoint does not seem to accommodate importing user federation providers, but the runtime option -Dkeycloak.migration.action=import does.

Great software!

Thanks again.
-John Bartko

On Wed, Aug 24, 2016 at 1:43 PM, John Bartko <john.bartko@drillinginfo.com> wrote:
Thank you for taking the time to respond. Let me see if I can outline steps to reproduce:

  1. Run a DB and Keycloak container:

    docker run --name postgres -e POSTGRES_DATABASE=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password -e POSTGRES_ROOT_PASSWORD=root_password -d postgres

    docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres

  2. Log in to the admin web UI and make both a client and an LDAP user federation provider.

  3. Ctrl+C to stop the keycloak container

  4. Start a container connected to the same database for export:

    mkdir /opt/keycloak_export 
    chmod 0777 /opt/keycloak_export

    docker run --rm --name keycloak_exporter --link postgres:postgres -v /opt/keycloak_export:/opt/jboss/export jboss/keycloak-postgres -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/opt/jboss/export

  5. Ctrl+C to stop the keycloak_exporter container.

  6. Copy the realm export at /opt/keycloak_export/master-realm.json to your workstation. The export should contain a populated userFederationProviders key:

    jq '.userFederationProviders' /opt/keycloak_export/master-realm.json

  7. Destroy the DB and start from a blank slate:

    docker rm -f postgres

    docker run --name postgres -e POSTGRES_DATABASE=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password -e POSTGRES_ROOT_PASSWORD=root_password -d postgres

    docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres

  8. Log in to admin web UI and import the contents of master-realm.json

  9. Result: the client is imported but the LDAP user federation provider is not.

Is the import supposed to also pick up the user federation provider?

-John Bartko

On Wed, Aug 24, 2016 at 1:35 AM, Marek Posolda <mposolda@redhat.com> wrote:
Btw, can't it be that you are exporting a different realm than the one where you have the LDAP federationProvider configured?


On 24/08/16 08:34, Marek Posolda wrote:
I am not 100% sure what exactly you are doing. Are you able to have the LDAP example up and running if you exactly follow the steps in the README https://github.com/keycloak/keycloak/blob/master/examples/ldap/README.md ?

Or are you creating the realm representation by hand? Instead of creating it by hand, we have the possibility of export/import, which is exactly for the use case of migration between different envs - https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.1/topics/export-import.html


On 24/08/16 00:10, John Bartko wrote:
Hello all,

I am attempting to export user federation providers and import them into a different Keycloak instance. The ldap example realm export *looks* like the web admin UI import can do what I need. After importing (step 3 in the example's readme) there are still no user federation providers configured nor any indication of an error.

Similarly, when doing an export at WildFly server boot on a Keycloak instance with user federation configured, I do not see any trace of the provider in the export.

Partial import of clients works fine. Is this the right way to go about persisting realm configuration across deploys/environments?

-John Bartko

keycloak-user mailing list
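
Added example, not part of the thread: because the admin UI import in step 9 dropped the LDAP provider without reporting an error, a post-import check can compare the original export against a second export taken from the target instance and list what did not arrive. The identifying field chosen for each section and the sample realm data are assumptions constructed for illustration.

```python
import json

# Assumption: the field that identifies an entry in each list-valued
# section of a Keycloak 2.x realm export.
ID_FIELDS = {
    "clients": "clientId",
    "userFederationProviders": "displayName",
    "identityProviders": "alias",
    "groups": "name",
}


def names(realm, section):
    """Identifiers in one section; a missing or null section counts as empty."""
    field = ID_FIELDS[section]
    return {e[field] for e in (realm.get(section) or []) if field in e}


def missing_after_import(exported, imported):
    """Map each section to the exported entries the target realm lacks."""
    gaps = {}
    for section in ID_FIELDS:
        lost = names(exported, section) - names(imported, section)
        if lost:
            gaps[section] = sorted(lost)
    return gaps


# Constructed sample data, trimmed to the keys that matter here.
EXPORTED = json.loads("""{
  "realm": "master",
  "clients": [{"clientId": "account"}, {"clientId": "my-app"}],
  "userFederationProviders": [
    {"displayName": "ldap-corp", "providerName": "ldap", "priority": 0}
  ]
}""")

# Same realm re-exported from the target after the admin UI import:
# the clients arrived, the federation provider did not.
IMPORTED = json.loads("""{
  "realm": "master",
  "clients": [{"clientId": "account"}, {"clientId": "my-app"}]
}""")

if __name__ == "__main__":
    for section, lost in missing_after_import(EXPORTED, IMPORTED).items():
        print(f"{section}: not present after import: {', '.join(lost)}")
```

To run it against real files, load the two `master-realm.json` exports with `json.load` in place of the embedded samples.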