Sorry to not be clear in my last answer. Keycloak doesn't have any detection, that if you add new property to mongo "user" it will break. You can manually add any property you want to the objects in "user" collection.

However note that:
- Keycloak data is cached, so direct mongo modifications to user won't be visible by Keycloak until you clear the cache or restart Keycloak server (or disable cache).
- I was more thinking about the case, that with your direct modification to "user" object, there is a chance that you accidentally delete some properties of the "user" object. For example you update some attribute of "user" and accidentally delete password etc.

Keycloak itself doesn't have anything, which clears the password of existing users. So you can try to just run Keycloak without running the second app. If Keycloak will still work after a period of time, then you will know that breaking user records is probably related to some mongo modifications by your second app.

Marek

On 08/08/16 17:23, Francisco Montada wrote:
Hi Marek , thanks so much for you reply 

The first question is clear.
The second question, We are sure we do not have any extra process in our application that can cause Master/Realm/Admin clean up, 
When you said "Yes" means that if we add new properties to the "User" collection keycloak is detecting it like the DB was hacked ? 

Thanks 
Francisco 



On Mon, Aug 8, 2016 at 5:58 AM, Marek Posolda <mposolda@redhat.com> wrote:
On 05/08/16 04:51, Francisco Montada wrote:
Hi team, we are using Keycloak and we are facing two issues that we do not know why is happening 

1. We are using the same Database to save Keycloak and our App information, we have a Spring boot and MongoDB environment, so we have access directly from our Application level to the Keycloak collections,  we had noticed that if we change any value on Keycloak collection form the DB or from our app level it is no reflected on Keycloak 

Does Keycloak have some security validation for data that are No saved from the Admin or API ? 
Could be related with Caching ?
Yes, Keycloak has cache for user data. It's possible to disable it in keycloak admin console.

2. For some reason our Keycloak collections is getting mess up, after a period of time, what is happening is the Master/Realm/Admin User password is getting clean up and also the credentials for some of our users 

Do you have any idea what is happening ?  
Could be related with that we are adding extra values to the "user" collection ?
Yes. Also the question is, if you're not doing something, which accidentally breaks existing users (delete their passwords etc)?

Marek


Thanks 
Francisco 


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user