On 22/02/16 03:55, Sylvain Auger-Léger wrote:
Hi,

My company is aiming at building its own OpenId Connect provider, for our internal apps.
Thus we are looking for an open source framework. KeyCloak seems very good.

Unfortunately, we have a problem, and I did not find if KeyCloak can solve it:

Our 'users' are stored in an AD directory or in a database (Postgres).
To sum up: if the user is not in the AD, then we should look in the database.
So you have 2 sets of existing users, first set in AD and second set in Postgres?

Yes, it is doable. You will need to write a federationProvider to CRUD users from/to your Postgres database (see docs and examples for details on how to create a federationProvider). Then you can configure 2 federation providers in your realm: the first, with bigger priority, will be the LDAP/AD provider, and the second will be your provider for Postgres. We already have support for LDAP/AD (again, see docs).

Marek

Is this doable with Keycloak??

Thanks.
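
A minimal model of the lookup order described in the reply above (AD first, Postgres second), added here as an illustration; it is not Keycloak code and does not use the Keycloak federation SPI. The `UserStore` and `Realm` classes, the priority numbering and the sample accounts are constructed assumptions, and the model makes one design choice explicit: only the store that owns a username checks its password.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class UserStore:
    """Stand-in for one user source (AD or the Postgres table); hypothetical."""
    name: str
    priority: int  # assumption of this model: lower number is consulted first
    users: dict = field(default_factory=dict)

    def add(self, username, password):
        salt = os.urandom(16)
        self.users[username.lower()] = (salt, _hash(password, salt))

    def has_user(self, username):
        return username.lower() in self.users

    def check_password(self, username, password):
        salt, stored = self.users[username.lower()]
        return hmac.compare_digest(stored, _hash(password, salt))

class Realm:
    def __init__(self, *stores):
        # Order is decided by priority, not by the order stores were passed in.
        self.stores = sorted(stores, key=lambda s: s.priority)

    def find_owner(self, username):
        """First store, in priority order, that knows the username."""
        return next((s for s in self.stores if s.has_user(username)), None)

    def authenticate(self, username, password):
        owner = self.find_owner(username)
        if owner is None:
            return None
        # Only the owning store checks the password: a failed AD login
        # does not fall through to a same-named Postgres account.
        return owner.name if owner.check_password(username, password) else None

# Constructed sample data: "alice" exists in both stores, "bob" only in Postgres.
ad = UserStore("ad", priority=0)
pg = UserStore("postgres", priority=1)
ad.add("alice", "ad-secret")
pg.add("alice", "old-db-secret")
pg.add("bob", "db-secret")
realm = Realm(pg, ad)
```

With two existing user sets, duplicate usernames across AD and the database are the case to decide up front; in this model the higher-priority store wins and the lower-priority duplicate is unreachable.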

