On 04/01/18 15:12, Tomás García wrote:
> Hi,
> I'm trying to fulfill the needs of the GDPR of my company in Keycloak
> and I noticed these things:
> - I cannot add a scheduled task. I don't know where to put code like you
> have in KeycloakApplication like:
>
>     TimerProvider timer = session.getProvider(TimerProvider.class);
>     timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory,
>         new ClearExpiredEvents(), interval), interval, "ClearExpiredEvents");
>
> so I can add a recurrent task starting from the startup of Keycloak. My
> use case is that I want to remove users that didn't verify their email or
> accept terms & conditions after a week of first registration. So I was
> thinking to add a task to be run daily to do that.

There are ways to do that indirectly. For example, you can create a custom
provider of any type and add this to the "postInit" method here. But
rather listen to the PostMigrationEvent to ensure that tasks are triggered
after the DB migration is finished. See for example
InfinispanAuthenticationSessionProviderFactory.postInit for inspiration.

> - The order of required actions execution is in alphabetical order, so if I
> wanted a custom required action to be run after the "Verify email" action I
> need to be sure that the name of my custom required action starts with "W"
> at least. A UI interface like what we already have in the Authenticators
> part would be nice.

+1 that it would be nice. On the other hand, is it a big issue to create
the action starting with "W"?
Feel free to create a JIRA to add priority to requiredActions, just not
sure when it will be done (unless you send a PR by yourself :)

> - There are no facilities inside Keycloak to search users with a specific
> attribute key or value. It would be nice too to have long integers as
> attribute values, in case we want to search for users with greater / less
> than a specific timestamp attribute like the one you use in the terms &
> conditions required action. For example, for the removal task, I'd like to
> search for users without a custom attribute, then I'll remove those. I
> guess I'll just extend the data model if needed to work around this issue.

There is a model method for search by attribute -
UserProvider.searchForUserByUserAttribute. There is no REST endpoint,
but you can create your own custom REST endpoint for this though if you
need it. But if you need to use this from your requiredAction, it should
work fine.

> - If someone declines the terms & conditions, the user is redirected to a
> blank page with an "error" in the screen. I don't care about this since
> I'm going to make my custom required action if I can find an alternative for
> the things I'm saying above.
> If I'm wrong about something, please let me know.
> Thanks,
> Tomás
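
The approach suggested in the first reply above (a custom provider whose postInit listens for PostMigrationEvent and then schedules the task), as an added example that is not part of the original thread and not Keycloak's own code. It assumes the server SPI of the Keycloak releases current at the time of this thread; the class name, provider id, task name and one-week retention are hypothetical, and only the email-verification condition is checked.

```java
// Added example, not Keycloak project code. Assumes the list-returning
// UserProvider/RealmProvider methods of that era; all names here are hypothetical.
import org.keycloak.Config;
import org.keycloak.events.*;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.*;
import org.keycloak.models.utils.PostMigrationEvent;
import org.keycloak.services.scheduled.ClusterAwareScheduledTaskRunner;
import org.keycloak.timer.TimerProvider;

public class UnverifiedUserCleanupFactory implements EventListenerProviderFactory {
    private static final long DAY = 24L * 60 * 60 * 1000, RETENTION = 7 * DAY;

    @Override
    public void postInit(KeycloakSessionFactory factory) {
        factory.register(event -> {  // ProviderEventListener
            if (!(event instanceof PostMigrationEvent)) return;  // wait for DB migration
            KeycloakSession session = factory.create();
            try {
                // Cluster-aware runner: only one node executes the task per interval.
                session.getProvider(TimerProvider.class).schedule(
                    new ClusterAwareScheduledTaskRunner(factory, UnverifiedUserCleanupFactory::purge, DAY),
                    DAY, "PurgeUnverifiedUsers");
            } finally {
                session.close();
            }
        });
    }

    // Runs inside the transaction opened by the task runner.
    static void purge(KeycloakSession s) {
        long cutoff = System.currentTimeMillis() - RETENTION;
        for (RealmModel realm : s.realms().getRealms()) {
            // Full scan; page with getUsers(realm, first, max) on large realms.
            for (UserModel u : s.users().getUsers(realm)) {
                Long created = u.getCreatedTimestamp();
                if (!u.isEmailVerified() && created != null && created < cutoff) {
                    s.users().removeUser(realm, u);
                }
            }
        }
    }
    @Override public EventListenerProvider create(KeycloakSession session) {
        return new EventListenerProvider() {  // no-op listener; only postInit matters
            @Override public void onEvent(Event event) { }
            @Override public void onEvent(AdminEvent event, boolean includeRepresentation) { }
            @Override public void close() { }
        };
    }
    @Override public void init(Config.Scope config) { }
    @Override public void close() { }
    @Override public String getId() { return "unverified-user-cleanup"; }
}
```

The factory is picked up at startup when its class name is listed in META-INF/services/org.keycloak.events.EventListenerProviderFactory inside the deployed provider JAR.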