Hello,

I’m currently facing a migration scenario where I have a group of users who need to be
imported from a different system into Keycloak. For regular users everything works fine,
but I wonder what would be the best approach for users who authenticate via external
identity providers (e.g. Facebook) in order to make the transition as transparent as
possible for the users (ideally, no interaction at all).

From the source system, I have access to the Facebook user id and email address, so first
I tried to include that as a federated identity in the users import:

    {
      "realm": "test",
      "users": [
        {
          "createdTimestamp": 1476191007295,
          "username": "somebody(a)somewhere.com",
          "enabled": true,
          "totp": false,
          "emailVerified": true,
          "firstName": "Test",
          "lastName": "Test",
          "email": "somebody(a)somewhere.com",
          "credentials": [],
          "disableableCredentialTypes": [],
          "requiredActions": [],
          "federatedIdentities": [
            {
              "identityProvider": "facebook",
              "userId": "0123456789",
              "userName": "somebody(a)somewhere.com"
            }
          ],
          "realmRoles": ["offline_access", "uma_authorization"],
          "clientRoles": {
            "account": ["manage-account", "view-profile"]
          }
        }
      ]
    }

This imports fine, and I can see the link in the admin console, but when attempting to
log in using Facebook, Keycloak ignores that data and redirects to the “Account linking”
screen (and in that case, if I follow the process, then I get a DB exception due to
duplicate key). So it seems the best way is to not import the Facebook details, and when
the user tries to log in with Facebook, then the standard account linking process will be
triggered, which is not ideal in a migration.

I suppose there is some extra logic which is not taking place when doing the import as
opposed to creating a new account from scratch or creating the identity provider link
manually in the admin console, but I can’t figure out what it is. Is there any possible way
to avoid the account linking step?

Kind regards,
Federico Navarro
backend developer
federico@info.nl | LinkedIn: https://www.linkedin.com/company/info-nl | +31 (0)2 05 30 91 61
info.nl (http://www.info.nl/)
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 9100
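
Added example, not part of the original message and not Keycloak's own code: one way to generate the users import shown in the post from source-system records, refusing any Facebook id that two accounts claim before the file reaches Keycloak. The record field names, the numeric-id check and the sample records are assumptions; it does not change how Keycloak treats the imported link at login.

```python
import json

# Constructed sample records standing in for the source system's export.
SOURCE_USERS = [
    {"email": "alice@example.org", "first": "Alice", "last": "A", "facebook_id": "1000000001"},
    {"email": "bob@example.org", "first": "Bob", "last": "B", "facebook_id": None},
]


def build_import(realm, records, provider="facebook"):
    """Return a users-import document shaped like the one in the post."""
    seen = {}  # (provider, external id) -> username that already claimed it
    users = []
    for rec in records:
        username = rec["email"].strip().lower()
        user = {
            "username": username,
            "email": username,
            "enabled": True,
            "emailVerified": True,
            "firstName": rec["first"],
            "lastName": rec["last"],
            "federatedIdentities": [],
        }
        ext_id = rec.get("facebook_id")
        if ext_id is not None:
            ext_id = str(ext_id).strip()
            # Assumption: provider ids are digit strings, as in the post's sample.
            if not ext_id.isdigit():
                raise ValueError(f"{username}: non-numeric {provider} id {ext_id!r}")
            key = (provider, ext_id)
            if key in seen:
                # One external identity linked to two accounts would let a
                # single social login reach another user's account.
                raise ValueError(f"{provider} id {ext_id} claimed by {seen[key]} and {username}")
            seen[key] = username
            user["federatedIdentities"].append(
                {"identityProvider": provider, "userId": ext_id, "userName": username}
            )
        users.append(user)
    return {"realm": realm, "users": users}


def to_json(doc):
    # json.dumps emits strict JSON, so no trailing commas reach the importer.
    return json.dumps(doc, indent=2)
```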