[keycloak-user] Roles Integration

Rodrigo Sasaki rodrigopsasaki at gmail.com
Tue Jun 17 07:36:06 EDT 2014 

Oh, interesting. I'll look into that.

I'll make sure to not include so many users, it's just so I can keep
testing keycloak with our application here :)

Thank you very much!


On Tue, Jun 17, 2014 at 8:33 AM, Stian Thorgersen <stian at redhat.com> wrote:

> Currently we don't support importing users into an existing realm, but you
> can import a complete realm config including users.
>
> Have a look at
> https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/resources/testrealm.json.
> This includes the realm, a few apps/clients, roles, scope mappings, users
> and user role mappings. You can import this either by running keycloak with
> -Dkeycloak.import=<path to json file> or through the admin console by
> selecting add realm and using the upload option.
>
> It will only work if the realm doesn't already exist, and it's not very
> efficient at the moment (everything is loaded into memory and written to
> the db in one transaction).
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: "Bill Burke" <bburke at redhat.com>, keycloak-user at lists.jboss.org
> > Sent: Tuesday, 17 June, 2014 12:23:08 PM
> > Subject: Re: [keycloak-user] Roles Integration
> >
> > That would be really awesome, thanks :)
> >
> > But just for now, could you tell me how to do it with the JSON like you
> > previously suggested? That way I can import a sample of my users in my
> dev
> > environment so I can keep on testing it out.
> >
> >
> > On Tue, Jun 17, 2014 at 6:12 AM, Stian Thorgersen <stian at redhat.com>
> wrote:
> >
> > > We're currently working on performance testing and need to investigate
> how
> > > Keycloak handles with large amounts of users. We'll also look at
> importing
> > > such a large amount of users into the db.
> > >
> > > We'll look at this over the next week and get back to you :)
> > >
> > > ----- Original Message -----
> > > > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> > > > To: "Bill Burke" <bburke at redhat.com>
> > > > Cc: keycloak-user at lists.jboss.org
> > > > Sent: Monday, 16 June, 2014 8:21:06 PM
> > > > Subject: Re: [keycloak-user] Roles Integration
> > > >
> > > > Just to be more specific, our mapping here is really simple.
> > > >
> > > > We have 1 table with the users, one with the roles, and a third one
> that
> > > maps
> > > > them both together.
> > > >
> > > > Thank you for trying to help!
> > > >
> > > >
> > > > On Mon, Jun 16, 2014 at 12:44 PM, Rodrigo Sasaki <
> > > rodrigopsasaki at gmail.com >
> > > > wrote:
> > > >
> > > >
> > > >
> > > > They are all stored in a table on a RDBMS
> > > >
> > > >
> > > > On Mon, Jun 16, 2014 at 12:34 PM, Bill Burke < bburke at redhat.com >
> > > wrote:
> > > >
> > > >
> > > > These 20 Million users: Are they stored in a RDBMS? LDAP?
> > > >
> > > > On 6/16/2014 11:28 AM, Bill Burke wrote:
> > > > > Nice! You will be a great reference for us. We'll make it happen.
> > > > > Just remind us of this every time we're lax answering your
> questions :)
> > > > >
> > > > > On 6/16/2014 10:44 AM, Rodrigo Sasaki wrote:
> > > > >> We have about 15 roles and over 20 million users
> > > > >>
> > > > >>
> > > > >> On Mon, Jun 16, 2014 at 11:32 AM, Stian Thorgersen <
> stian at redhat.com
> > > > >> <mailto: stian at redhat.com >> wrote:
> > > > >>
> > > > >>
> > > > >>
> > > > >> ----- Original Message -----
> > > > >> > From: "Rodrigo Sasaki" < rodrigopsasaki at gmail.com
> > > > >> <mailto: rodrigopsasaki at gmail.com >>
> > > > >> > To: "Stian Thorgersen" < stian at redhat.com <mailto:
> stian at redhat.com
> > > >>
> > > > >> > Cc: keycloak-user at lists.jboss.org
> > > > >> <mailto: keycloak-user at lists.jboss.org >
> > > > >> > Sent: Monday, 16 June, 2014 3:27:43 PM
> > > > >> > Subject: Re: [keycloak-user] Roles Integration
> > > > >> >
> > > > >> > That's an interesting suggestion, but how would I do that if the
> > > > >> databases
> > > > >> > are very different?
> > > > >> >
> > > > >> > Just remembering that I want to integrate the user role
> mappings,
> > > > >> and not
> > > > >> > just the roles themselves.
> > > > >>
> > > > >> Makes sense, roles are not worth much if no users have mappings to
> > > > >> them ;)
> > > > >>
> > > > >> >
> > > > >> > Should I create a JSON from my database following a specific
> > > > >> format to
> > > > >> > import it into Keycloak?
> > > > >>
> > > > >> Yes, that's the idea. Roughly how many users and roles do you
> have?
> > > > >>
> > > > >> >
> > > > >> >
> > > > >> > On Mon, Jun 16, 2014 at 6:01 AM, Stian Thorgersen
> > > > >> < stian at redhat.com <mailto: stian at redhat.com >> wrote:
> > > > >> >
> > > > >> > > The only way to do that at the moment would be to import the
> > > > >> data into the
> > > > >> > > Keycloak database. The easiest way to do this would be to
> > > > >> export your
> > > > >> > > database to json and import into Keycloak.
> > > > >> > >
> > > > >> > > If this is something you want to do, let me know and we can
> > > > >> give you some
> > > > >> > > instructions, maybe also an example, on how to do this.
> > > > >> > >
> > > > >> > > ----- Original Message -----
> > > > >> > > > From: "Rodrigo Sasaki" < rodrigopsasaki at gmail.com
> > > > >> <mailto: rodrigopsasaki at gmail.com >>
> > > > >> > > > To: keycloak-user at lists.jboss.org
> > > > >> <mailto: keycloak-user at lists.jboss.org >
> > > > >> > > > Sent: Friday, 13 June, 2014 3:39:55 PM
> > > > >> > > > Subject: [keycloak-user] Roles Integration
> > > > >> > > >
> > > > >> > > > Hi,
> > > > >> > > >
> > > > >> > > > I needed to migrate accounts from an old database to
> > > > >> authenticate with
> > > > >> > > > Keycloak, and I implemented my own provider of the
> > > > >> Authentication SPI,
> > > > >> > > which
> > > > >> > > > worked fine.
> > > > >> > > >
> > > > >> > > > Now what should I do if I need to migrate the roles from
> > > > >> those accounts
> > > > >> > > > aswell? Is there a suggested flow that I should follow?
> > > > >> > > >
> > > > >> > > > Thanks,
> > > > >> > > >
> > > > >> > > > --
> > > > >> > > > Rodrigo Sasaki
> > > > >> > > >
> > > > >> > > > _______________________________________________
> > > > >> > > > keycloak-user mailing list
> > > > >> > > > keycloak-user at lists.jboss.org
> > > > >> <mailto: keycloak-user at lists.jboss.org >
> > > > >> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >> > >
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >> > --
> > > > >> > Rodrigo Sasaki
> > > > >> >
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Rodrigo Sasaki
> > > > >>
> > > > >>
> > > > >> _______________________________________________
> > > > >> keycloak-user mailing list
> > > > >> keycloak-user at lists.jboss.org
> > > > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >>
> > > > >
> > > >
> > > > --
> > > > Bill Burke
> > > > JBoss, a division of Red Hat
> > > > http://bill.burkecentral.com
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> > > >
> > > >
> > > > --
> > > > Rodrigo Sasaki
> > > >
> > > >
> > > >
> > > > --
> > > > Rodrigo Sasaki
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
>



-- 
Rodrigo Sasaki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140617/68bc6920/attachment-0001.html

More information about the keycloak-user mailing list