[keycloak-user] User federation providers export/import
John Bartko
john.bartko at drillinginfo.com
Wed Aug 24 14:43:14 EDT 2016
Thank you for taking the time to respond. Let me see if I can outline steps
to reproduce:
1. Run a DB and Keycloak container:
docker run --name postgres -e POSTGRES_DATABASE=keycloak -e
POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password -e
POSTGRES_ROOT_PASSWORD=root_password -d postgres
docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 -e
KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres
2. Log in to admin web UI and make both a client and a LDAP user
federation provider.
3. Ctrl+C to stop the keycloak container
4. Start a container connected to the same database for export:
mkdir /opt/keycloak_export
chmod 0777 /opt/keycloak_export
docker run --rm --name keycloak_exporter --link postgres:postgres -v
/opt/keycloak_export:/opt/jboss/export jboss/keycloak-postgres
-Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir
-Dkeycloak.migration.dir=/opt/jboss/export
5. Ctrl+C to stop the keycloak_exporter container.
6. Copy the realm export at /opt/keycloak_export/master-realm.json to
your workstation. The export should contain a populated
userFederationProviders key:
jq '.userFederationProviders' /opt/keycloak_export/master-realm.json
7. Destroy the DB and start from a blank slate:
docker rm -f postgres
docker run --name postgres -e POSTGRES_DATABASE=keycloak -e
POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password -e
POSTGRES_ROOT_PASSWORD=root_password -d postgres
docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 -e
KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres
8. Log in to admin web UI and import the contents of master-realm.json
9. Result: the client is imported but the LDAP user federation provider
is not.
Is the import supposed to also pick up the user federation provider?
Thanks,
-John Bartko
On Wed, Aug 24, 2016 at 1:35 AM, Marek Posolda <mposolda at redhat.com> wrote:
> Btv. can't it be that you are exporting different realm that when you have
> ldap federationProvider configured?
>
> Marek
>
>
> On 24/08/16 08:34, Marek Posolda wrote:
>
> I am not 100% sure what exactly are you doing. Are you able to have LDAP
> example up and running if you exactly follow the steps in README
> <https://github.com/keycloak/keycloak/blob/master/examples/ldap/README.md>
> https://github.com/keycloak/keycloak/blob/master/examples/ldap/README.md ?
>
> Or are you creating realm representation by hand? Instead of creating by
> hand, we have possibility for export/import, which is exactly for the
> use-case for migration between different envs -
> https://keycloak.gitbooks.io/server-adminstration-guide/
> content/v/2.1/topics/export-import.html
>
> Marek
>
> On 24/08/16 00:10, John Bartko wrote:
>
> Hello all,
>
> I am attempting export user federation providers and import them into a
> different Keycloak instance. The ldap example realm export
> <https://github.com/keycloak/keycloak/blob/master/examples/ldap/ldaprealm.json#L126-L152> *looks*
> like the web admin UI import can do what I need. After importing (step 3
> in the example's readme
> <https://github.com/keycloak/keycloak/tree/master/examples/ldap#keycloak-example---ldap>)
> there are still no user federation providers configured nor any indication
> of an error.
>
> Similarly, when doing an export at WildFly server boot on a Keycloak
> instance with user federation configured, I do not see any trace of the
> provider in the export.
>
> Partial import of clients works fine. Is this the right way to go about
> persisting realm configuration across deploys/environments?
>
> Thanks,
> -John Bartko
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160824/bb2b972d/attachment-0001.html
More information about the keycloak-user
mailing list