Hi,

in order to import users having encrypted passwords from existing user storage I'm implementing user federation provider based on the keycloak example keycloak-examples-1.5.0.Final/providers/federation-provider.

Additionally I considered hints provided by Scott Rossillo in the keycloak-user Digest, Vol 22, Issue 18

Above example works properly when retrieving users from a properties file. The next step in the implementation would be access to the database where users data is stored.

My question: What would be the best practice for accessing database from a custom keycloak provider?

Something like this?

// KeycloakSession
session.getProvider(JpaConnectionProvider.class, "myTS")
.getEntityManager()
.createQuery("SELECT... ?

keycloak-server.json:
"connectionsJpa": {
        "default": {
            "dataSource": "java:jboss/datasources/KeycloakDS",
            "databaseSchema": "update"
        },
      "myTS": {
            "dataSource": "java:jboss/datasources/myTsDS"
        }    }

Thank you,

Valerij Timofeev
Software Engineer

Trusted Shops GmbH