Well, userFederation also supports "registration" from keycloak to
federationStorage. We use it for writable-LDAP federationProvider (new
user registered in Keycloak is immediately added to LDAP too). Also the
federation example is showing it - if you look at
"examples/providers/federation-provider" then you see that
ClasspathPropertiesFederationProvider doesn't support registration of
new users, but FilePropertiesFederationFactory supports that.
If you want to go this way, you just need to:
- ensure that YourUserFederationProvider.synchronizeRegistrations
returns "true"
- then in YourUserFederationProvider.register you can implement saving
your user to your federationStorage. Note that at this point, you have
just user with username and ID available. If you want to sync more
attributes to your storage (ie. email, firstName, lastName, passwords
etc) you will need to return "proxy" UserModel object, where you
override some setter methods and always when setter is called, you will
sync changes to your storage too. In the example you can see
WritableUserModelProxy, which supports updating passwords.
We have some room to improve the registration use case though. Ideally
we would have the possibility to just send a single request to
federationStorage when registering a new user or during an update (this
is already possible with the current federationProvider API, but
cumbersome)... Also the possibility to "bulk" sync Keycloak users to
federationStorage. We plan to improve the user federation SPI for
Keycloak 2.0 though.
Marek
On 04/05/16 13:33, Stian Thorgersen wrote:
Adding list back
For your use-case user federation is not the way to go. As I said it's
been designed to pull users from an external datasource into Keycloak,
not to sync users into your application.
You have two options really:
a) Add users when they log in to your application. All the details you
need about the user can be added to the token and you should only
store what your application needs when the user is not around, the
rest you can retrieve from the token. This is the simplest and I'd
recommend this
b) Add an event listener that notifies your application when new users
register (if you have registration enabled) and when admins create users
On 4 May 2016 at 09:44, Juan Diego <juandiego83(a)gmail.com> wrote:
It is more a question of design, I think. I have my app with its
own database, it has a table users with a relation one to many to
another table let's call it songs. The only reason I have the
table users in my app is because I need a way to know which songs
belong to my users. I am using keycloak to manage my login.
I asked a while ago how people handle this and someone referred
to custom federation providers.
My question is really regarding how to handle the relations of
your data when you have your users in a different database from
the rest of your data.
So far I can only think of 3 ways to solve this:
1) providers syncing users from keycloak to my database
replicating user ID. I managed to make this work on my provider at
the end, before you told me providers are not meant for this.
2) managing users in my own app. By this I mean I wouldn't use
keycloak web interface to create or delete users. I have a form
to create users in my app, and when I save the data it connects
to Keycloak's REST API and creates a user; if it works it copies
the username, email and the ID generated by Keycloak to my local table
users
3) adding users in Keycloak first, then when they log in for the
first time add the user to the database
So far I was doing the 2nd option, it seems the best suited. Is
there another way to maintain data relation with Keycloak?
On May 4, 2016 1:08 AM, "Stian Thorgersen" <sthorger(a)redhat.com> wrote:
Not sure I'm following. Keycloak can sync users created from
your database, but it can't write users back. New users
created in Keycloak directly are only stored in Keycloak's
database.
On 29 April 2016 at 23:52, Juan Diego <juandiego83(a)gmail.com> wrote:
So the recommended way would be to create my own user
administrator and when I create a user it will create a
user on Keycloak via Keycloak's REST API.
On Thu, Apr 28, 2016 at 11:21 PM, Stian Thorgersen
<sthorger(a)redhat.com> wrote:
User federation isn't designed to push users created
in Keycloak to the database. It only supports syncing
users that are created in the database.
On 27 April 2016 at 18:55, Juan Diego
<juandiego83(a)gmail.com> wrote:
I was checking the example for
federation-properties-example. In both examples
when you sync all users, it just checks for the
users in the properties file and adds them to
Keycloak if they don't exist.
If I want to do it both ways, so it adds users
from keycloak to my database, and users from my
database to keycloak. Should I add them here? I
am not managing any password on my database, so I
just need user id and username and maybe email.
Also when I add a new user I can tell that
synchronizeRegistrations() is being called but it
is null. In order to create a new user in my
database, should I call a create user function to
my database here?
Thanks,
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
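Option (a) from the thread, sketched from the application side as an added example (not code from any poster or from Keycloak): the app creates or refreshes its local user row at login from token claims and links songs to the Keycloak user ID. The table, column and function names and the sample claims are assumptions, and the claims are assumed to come from a token the Keycloak adapter has already validated.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (
    keycloak_id TEXT PRIMARY KEY,  -- token "sub" claim (Keycloak user ID)
    username    TEXT NOT NULL,
    email       TEXT
);
CREATE TABLE songs (
    id       INTEGER PRIMARY KEY,
    owner_id TEXT NOT NULL REFERENCES users(keycloak_id),
    title    TEXT NOT NULL
);
"""

# Constructed claims from two logins of one user who was renamed in between.
LOGIN_1 = {"sub": "00000000-0000-4000-8000-000000000001",
           "preferred_username": "juan", "email": "juan@example.org"}
LOGIN_2 = dict(LOGIN_1, preferred_username="juan.d")

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("PRAGMA foreign_keys = ON")  # songs must point at a known user
    db.executescript(SCHEMA)
    return db

def provision_user(db, claims):
    """Create or refresh the local row; claims come from a validated token."""
    sub, username = claims.get("sub"), claims.get("preferred_username")
    if not sub or not username:
        raise ValueError("token lacks sub or preferred_username")
    row = (username, claims.get("email"), sub)
    cur = db.execute(
        "UPDATE users SET username = ?, email = ? WHERE keycloak_id = ?", row)
    if cur.rowcount == 0:  # first login: no local row yet
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (sub, *row[:2]))
    db.commit()
    return sub

def add_song(db, claims, title):
    owner = provision_user(db, claims)
    cur = db.execute("INSERT INTO songs (owner_id, title) VALUES (?, ?)",
                     (owner, title))
    db.commit()
    return cur.lastrowid

def songs_of(db, sub):
    q = "SELECT title FROM songs WHERE owner_id = ? ORDER BY id"
    return [r[0] for r in db.execute(q, (sub,))]
```

Keying the relation on `sub` rather than the username keeps song ownership intact when the user is renamed in Keycloak.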