[keycloak-dev] Custom user federation after 2.5.x

Bill Burke bburke at redhat.com
Thu Jan 26 10:35:29 EST 2017

I'm sorry, this use case fell through the cracks when redesigning the SPI.

I'm guessing you need something that works with registration, REST API, 
and admin console?  If so, I think this will work.  It will be nasty though.

Let's say your provider class name is MyUserStorageProvider.

1. Define a value object class that implements UserModel and keeps all 
updates in memory.  Let's call it UserValueObject.

2. Define a class that implements the KeycloakTransaction interface. 
This class will be responsible for adding the user to the external store 
just before transaction commit.  It will just call back to

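import org.keycloak.models.KeycloakTransaction;

public class AddUserSynchronization implements KeycloakTransaction {

   MyUserStorageProvider provider;
   UserValueObject valueObject;
   boolean active;
   boolean rollbackOnly;

   public AddUserSynchronization(MyUserStorageProvider provider, UserValueObject valueObject) {
      this.valueObject = valueObject;
      this.provider = provider;
   }

   public void begin() { active = true; }

   // Write the buffered user to the external store at commit time.
   public void commit() {
      this.provider.addUser(valueObject);
      active = false;
   }

   // Nothing was written before commit, so there is nothing to undo.
   public void rollback() { active = false; }

   public void setRollbackOnly() { rollbackOnly = true; }
   public boolean getRollbackOnly() { return rollbackOnly; }
   public boolean isActive() { return active; }
}
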

3. In your MyUserStorageProvider.addUser(RealmModel realm, String
username) method, allocate and return the value object and register with
the KeycloakTransactionManager.

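public UserModel addUser(RealmModel realm, String username) {
     UserValueObject valueObject = new UserValueObject();
     StorageId id = new StorageId(providerComponentId, externalIdOfUser);
     // Register with the KeycloakTransactionManager; the call through
     // session.getTransactionManager().enlist(...) is an assumption
     session.getTransactionManager().enlist(new AddUserSynchronization(this, valueObject));
     return valueObject;
}
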

Does this make sense?

On 1/26/17 6:32 AM, Jorge M. wrote:
> Hi,
> It seems that some of the internal SPIs that supported custom federation
> development in previous versions are now deprecated.
> I'm looking at the new examples (jpa and simple) but I'm struggling with
> the registration method.
> My problem is that to use a custom webservice or a jpa implementation, I
> need to know the basic user information at that point in order to do the
> registration on my federation (name, email, username, ...) as the schema or
> WS has non-nullable / mandatory fields.
> Is there any way to get that managed data at that point? (In the past I
> used a solution based on TxAwareLDAPUserModelDelegate)
> From the jpa example:
> @Override
> public UserModel addUser(RealmModel realm, String username) {
>      UserEntity entity = new UserEntity();
>      entity.setId(UUID.randomUUID().toString());
>      entity.setUsername(username);
>      // GET first name, last name and email here!!
>      em.persist(entity);
>      logger.info("added user: " + username);
>      return new UserAdapter(session, realm, model, entity);
> }
> Thank you.
> JM
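
The deferred-write pattern from steps 1-3 above, as an added example that is not part of the original message and not Keycloak code: Tx, TxManager, ExternalStore and Provider are stand-ins invented here so the flow runs without Keycloak, and the sample users are constructed. It shows attributes set after addUser() returns reaching the external store at commit, and a commit with a mandatory field missing being rejected instead of writing a partial record.

```java
import java.util.*;

// Added illustration: every type below is a stand-in invented here, not Keycloak's SPI.
public class DeferredAddUserDemo {
    interface Tx { void commit(); void rollback(); }          // plays the role of KeycloakTransaction
    static class TxManager {                                   // plays the role of KeycloakTransactionManager
        private final List<Tx> enlisted = new ArrayList<>();
        void enlist(Tx tx) { enlisted.add(tx); }
        void commit() {
            try { for (Tx tx : enlisted) tx.commit(); }
            catch (RuntimeException e) { for (Tx tx : enlisted) tx.rollback(); throw e; }
        }
    }
    static class UserValueObject {                             // keeps all updates in memory
        String username, firstName, lastName, email;
    }
    static class ExternalStore {                               // constructed store with mandatory fields
        final Map<String, UserValueObject> rows = new HashMap<>();
        void insert(UserValueObject u) {
            if (u.firstName == null || u.lastName == null || u.email == null)
                throw new IllegalStateException("mandatory field missing for " + u.username);
            rows.put(u.username, u);
        }
    }
    static class Provider {
        final ExternalStore store = new ExternalStore();
        UserValueObject addUser(TxManager txm, String username) {
            UserValueObject vo = new UserValueObject();
            vo.username = username;
            txm.enlist(new Tx() {                              // the external write waits for commit
                public void commit() { store.insert(vo); }
                public void rollback() { store.rows.remove(vo.username); }
            });
            return vo;
        }
    }

    public static void main(String[] args) {
        Provider p = new Provider();
        TxManager tx1 = new TxManager();
        UserValueObject u = p.addUser(tx1, "jdoe");            // constructed sample user
        u.firstName = "Jane"; u.lastName = "Doe"; u.email = "jdoe@example.com"; // set after addUser() returns
        tx1.commit();
        System.out.println("jdoe stored: " + p.store.rows.containsKey("jdoe"));
        TxManager tx2 = new TxManager();
        p.addUser(tx2, "ghost");                               // mandatory fields never set
        try { tx2.commit(); } catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println("ghost stored: " + p.store.rows.containsKey("ghost"));
    }
}
```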