[keycloak-dev] User SPI
Bill Burke
bburke at redhat.com
Tue Nov 22 08:58:44 EST 2016
Documentation is coming soon in 2.4.1. Sorry for delay. Just in the
middle of porting the LDAP and other providers to new SPI.
https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa
Example needs to be updated to tell you you need to configure ExampleDS
or KeycloakDS as an xa-datasource. Wildfly barfs when you two
datasources in the same transaction and neither are XA enabled.
On 11/21/16 7:40 PM, Muein Muzamil wrote:
> Hi all,
>
> A gentle reminder to my query regarding User SPI.
>
> Regards,
> Muein
>
> On Wed, Nov 16, 2016 at 6:52 PM, Muein Muzamil <
> shmuein+keycloak-dev at gmail.com> wrote:
>
>> Hi all,
>>
>> We have implemented custom authenticators to integrate with an external
>> authentication API. After successful authentication, the API returns user
>> attributes back. Right now we save this user into DB as shown below, which
>> works well.
>>
>> user = userFederationManager.addUser(context.getRealm(), username)
>> user.setEnabled(true);
>>
>> mapUserAttributesToUserModel(user, userAttributes);
>>
>> context.setUser(user);
>>
>>
>> We have some privacy and security related requirements because we which we
>> don't want to store user information in KeyCloak database for a longer
>> period. We were thinking to implement some scheduled job to clean up user
>> data from KeyCloak database but I noticed that in KeyCloak 2.3 new User SPI
>> is introduced which allows users to be pull in without sync in user into
>> KeyCloak database.
>>
>> 1. So I was wondering how can I use this SPI to avoid storing user
>> data in DB.
>> 2. Can I imagine sticking user information in session and returning
>> user information from User SPI?
>> 3. Do we have any sample implementations or documentation available
>> for User SPI?
>>
>> Regards,
>> Muein
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list