On 08/07/16 15:59, Matuszak, Eduard wrote:
Hello
I have implemented a (JPA-based) user federation provider that works
pretty fine so far. We now want to be able to load the link
information to a federated id provider (like google) from the external
datasource into the Keycloak’s DB by means of the user federation
provider, when the user is initially created in the Keycloak DB via
his first login (or via user-synchronization). So far I could see, the
user federation SPI works with a UserModel class which does not care
about those attributes. Do you see any chance to set such attributes
in a userfederation-implementation?
One issue is, that keycloak’s user entries are deleted when the
userfederation provider fails to connect to the federated resource
(not found how to deactivate this behaviour so far). The user entry
is recreated after the next login succeeded (OK and fine), but the
link to the identity provider is lost (not fine). The other issue is,
that we want to administer user attributes completely in the federated
datasource to reduce complexity of our datamanagement.
It depends how you implement the methods "isValid" and "validateAndProxy"
of your UserFederation provider. If you fail to connect, you can
possibly just return the proxy of "local" UserModel, which was passed
as an argument to methods. But note that then all writes to this
UserModel won't be updated to your storage, but just to Keycloak DB.
Btw. There is UserFederation SPI refactoring in progress and there will
be updates to this SPI in next Keycloak versions (2.1 and later)
Marek
Best regards, Eduard Matuszak
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
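The fallback suggested in the reply above, as an added sketch that is not code from the thread or from Keycloak: on a connection failure the provider keeps the user valid and hands back the local user, so writes stay local. `User`, `ExternalStore`, `WriteThroughUser` and `Provider` are simplified, hypothetical stand-ins for the real SPI types, and treating `null` as "user is gone" is an assumption about the SPI.

```java
import java.util.*;

public class FederationFallbackDemo {
    // Simplified stand-in for Keycloak's UserModel (assumption, not the real interface).
    static class User {
        final String username; String email;
        User(String username) { this.username = username; }
        void setEmail(String email) { this.email = email; }
    }
    // Hypothetical external datasource that throws while it is unreachable.
    static class ExternalStore {
        boolean reachable = true;
        final Map<String, String> emails = new HashMap<>();
        boolean exists(String username) {
            if (!reachable) throw new IllegalStateException("datasource unreachable");
            return emails.containsKey(username);
        }
    }
    // Proxy that writes to the external store as well as to the local user.
    static class WriteThroughUser extends User {
        final User local; final ExternalStore store;
        WriteThroughUser(User l, ExternalStore s) { super(l.username); local = l; store = s; }
        @Override void setEmail(String email) { store.emails.put(username, email); local.setEmail(email); }
    }
    static class Provider {
        final ExternalStore store;
        Provider(ExternalStore store) { this.store = store; }
        // An outage is not evidence that the account was removed, so it stays valid.
        boolean isValid(User local) {
            try { return store.exists(local.username); }
            catch (IllegalStateException outage) { return true; }
        }
        // null (assumed to mean "user is gone") only when the store answered and says so.
        User validateAndProxy(User local) {
            try { return store.exists(local.username) ? new WriteThroughUser(local, store) : null; }
            catch (IllegalStateException outage) { return local; } // writes reach the local user only
        }
    }
    public static void main(String[] args) {
        ExternalStore store = new ExternalStore();
        store.emails.put("alice", "a@example.org"); // constructed sample data
        Provider provider = new Provider(store);
        User alice = new User("alice");
        provider.validateAndProxy(alice).setEmail("online@example.org");
        System.out.println("store after online write: " + store.emails.get("alice"));
        store.reachable = false; // simulate the connection failure
        System.out.println("valid during outage: " + provider.isValid(alice));
        provider.validateAndProxy(alice).setEmail("offline@example.org");
        System.out.println("local after offline write: " + alice.email);
        System.out.println("store after offline write: " + store.emails.get("alice"));
    }
}
```

The last two lines of output differ: the offline write lands on the local user but not in the external store, which is the divergence the reply warns about.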