Hello Im currently investigating using Keycloak as a solution to manage users, as well as authentication and authorization. Currently, we have a jboss Errai application, and have a relational database of users and their encrypted password. Is there any tutorials, or advice, on how we would migrate our users to the Keycloak IDM? Thanks and regards Anton ****** _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Thank you Marek To check that I understand this approach correctly, is the following a correct summary of how a federation provider works? 1. existing user tries to login via Keycloak 2. Keycloak checks if the user exists in the keycloak IDM. If user is not there then use federation provider 3. the provider will get the user by email address or username, and return the User object. 4. This user object can then be mapped and saved into keycloak. 5. Next time user tries to login user is retrieved from keycloak idm

Question - where is the federated provider deployed? Is it in our app, or installed into Keycloak? Or something else?

Thanks On Thu, Mar 19, 2015 at 8:03 PM, Marek Posolda <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote: Hi, it will be best if you write custom FederationProvider and point it to your database. See http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/user_feder... and examples in appliance-dist (Subdirectory examples/providers) Marek On 19.3.2015 19:58, Anton Hughes wrote: > > Hello > > Im currently investigating using Keycloak as a solution to manage > users, as well as authentication and authorization. > > Currently, we have a jboss Errai application, and have a > relational database of users and their encrypted password. > > Is there any tutorials, or advice, on how we would migrate our > users to the Keycloak IDM? > > Thanks and regards > Anton > ****** > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user -- * * * Anton Hughes Co-founder ah(a)magick.nu <mailto:ah@magick.nu> www.magick.nu <http://www.magick.nu> * ****

From: "Anton Hughes" <ah(a)magick.nu&gt; To: "Marek Posolda" <mposolda(a)redhat.com&gt; Cc: keycloak-user(a)lists.jboss.org Sent: Thursday, 7 May, 2015 9:58:14 PM Subject: Re: [keycloak-user] Migrating custom user database to Keycloak On Fri, Mar 20, 2015 at 8:58 AM, Marek Posolda < mposolda(a)redhat.com > wrote: Yes, Keycloak also verified during each authentication (or interaction with the UserModel) if user still exists in your backend and it's removed from Keycloak DB if not. Normally user is synced to Keycloak DB after successful login (your step 4), but you can also sync all your users from your storage at once or setup periodic sync. HI Marek Thanks for your help with this. Ideally, what we would like is to have keycloak do all user-management - that is, migrate all users out of our custom application and store them in Keycloak. This would slim down our application, and avoid having to custom provider. Is this possible?

Thanks -- Anton Hughes Co-founder ah(a)magick.nu www.magick.nu _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Thanks Stian On Fri, May 8, 2015 at 7:17 AM, Stian Thorgersen <stian(a)redhat.com <mailto:stian@redhat.com>> wrote: Yes, you've got two options atm: * Export your users to a json file and import into Keycloak - in the future we want to be able to import users into existing realm, but currently you have to create a new realm Its no problem creating a realm. Is there an example of importing users from a json file? Or can you point me to documentation for this?

* Use the admin rest api (or java admin client) to import users Thanks again -- * * ****