[keycloak-dev] Support for password-only sync in user federation
Thomas Darimont
thomas.darimont at googlemail.com
Mon Sep 24 05:37:38 EDT 2018
Hello Keycloak Developers,
at the end of the recent DevNation Live session [1] A Deep Dive into Keycloak
a user asked whether it would be possible to only sync password changes back
with a federated user store like LDAP or Kerberos.
This would be very useful in integration scenarios where the user directory admins
want to keep control over user profiles.
I looked at the code and it seems that one would need to add a new
UserStorageProvider.EditMode like PASSWORD_ONLY
and update the updateCredential [2] methods accordingly to allow credential updates.
Would this be sufficient or am I missing something?
Cheers,
Thomas
[1] https://www.youtube.com/watch?list=PLuWlr4oKSRUZj3ax5zG_t9KE6uwTb_0rU&time_continue=1&v=ZxpY_zZ52kU
[2] org.keycloak.storage.ldap.LDAPStorageProvider#updateCredential (and similar methods for other providers)