[keycloak-dev] Can I use this method in RepresentationToModel?

Marek Posolda mposolda at redhat.com
Fri Oct 16 02:45:02 EDT 2015


The session.userStorage().addUser() adds user directly to KC persistent 
storage (JPA, Mongo) and bypasses federation.

When you're creating new user through Keycloak somehow (for example in 
admin console or during user registration), there is need to use 
"session.users().addUser()", so the user is propagated to federation 
storage as well. For example, if you have configured LDAP federation 
provider with WRITE editMode, the user will be created to LDAP as well 
in addition to Keycloak database. However during import, user usually 
already exists in LDAP as he was exported from previous environment.

It's bit similar for example for default roles. When you create new user 
in admin console/registration, default roles are added to him. However 
during import, they are not as the user is supposed to have them already 
from previously exported DB.

Marek

On 15/10/15 23:28, Stan Silvert wrote:
> Looks like import realm is using the same method so I guess it's OK.  It
> would still be interesting to know a bit about the effect of calling
> session.userStorage().addUser() versus session.users().addUser(). We are
> just relying on the provider settings to sync federated users?
>
> On 10/15/2015 5:07 PM, Stan Silvert wrote:
>> I'm implementing import users from the admin console.  I'd like to use
>> this method to create each user:
>> https://github.com/keycloak/keycloak/blob/master/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java#L923
>>
>> But I'm not sure of the effect since this method uses
>> session.userStorage().addUser() instead of session.users().addUser().
>>
>> Anyone care to enlighten me?
>>
>> Stan
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list