[keycloak-user] User federation providers export/import

Stian Thorgersen sthorger at redhat.com
Mon Aug 29 10:11:08 EDT 2016


Partial import should work for user federation providers as well. If it
doesn't, feel free to create a JIRA for it.

On 26 August 2016 at 00:01, John Bartko <john.bartko at drillinginfo.com>
wrote:

> I see now I am doing it wrong, and should stop doing it wrong ;] The
> /admin/realms/{realm}/partialImport endpoint does not seem to accommodate
> importing user federation providers, but the runtime option
> -Dkeycloak.migration.action=import does.
>
> Great software!
>
> Thanks again.
> -John Bartko
>
> On Wed, Aug 24, 2016 at 1:43 PM, John Bartko <john.bartko at drillinginfo.com> wrote:
>
>> Thank you for taking the time to respond. Let me see if I can outline
>> steps to reproduce:
>>
>>
>>    1. Run a DB and Keycloak container:
>>
>>    docker run --name postgres -e POSTGRES_DATABASE=keycloak \
>>      -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password \
>>      -e POSTGRES_ROOT_PASSWORD=root_password -d postgres
>>
>>    docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 \
>>      -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres
>>
>>    2. Log in to admin web UI and make both a client and an LDAP user
>>    federation provider.
>>
>>    3. Ctrl+C to stop the keycloak container
>>
>>    4. Start a container connected to the same database for export:
>>
>>    mkdir /opt/keycloak_export
>>    chmod 0777 /opt/keycloak_export
>>
>>    docker run --rm --name keycloak_exporter --link postgres:postgres \
>>      -v /opt/keycloak_export:/opt/jboss/export jboss/keycloak-postgres \
>>      -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir \
>>      -Dkeycloak.migration.dir=/opt/jboss/export
>>
>>    5. Ctrl+C to stop the keycloak_exporter container.
>>
>>    6. Copy the realm export at /opt/keycloak_export/master-realm.json to
>>    your workstation. The export should contain a populated
>>    userFederationProviders key:
>>
>>    jq '.userFederationProviders' /opt/keycloak_export/master-realm.json
>>
>>    7. Destroy the DB and start from a blank slate:
>>
>>    docker rm -f postgres
>>
>>    docker run --name postgres -e POSTGRES_DATABASE=keycloak \
>>      -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password \
>>      -e POSTGRES_ROOT_PASSWORD=root_password -d postgres
>>
>>    docker run --rm --name keycloak --link postgres:postgres -p 8080:8080 \
>>      -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=changeme jboss/keycloak-postgres
>>
>>    8. Log in to admin web UI and import the contents of master-realm.json
>>
>>    9. Result: the client is imported but the LDAP user federation
>>    provider is not.
>>
>> Is the import supposed to also pick up the user federation provider?
>>
>> Thanks,
>> -John Bartko
>>
>> On Wed, Aug 24, 2016 at 1:35 AM, Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>>> Btw, can't it be that you are exporting a different realm than the one where
>>> you have the ldap federationProvider configured?
>>>
>>> Marek
>>>
>>>
>>> On 24/08/16 08:34, Marek Posolda wrote:
>>>
>>> I am not 100% sure what exactly you are doing. Are you able to have the LDAP
>>> example up and running if you exactly follow the steps in the README
>>> <https://github.com/keycloak/keycloak/blob/master/examples/ldap/README.md>?
>>>
>>> Or are you creating the realm representation by hand? Instead of creating it by
>>> hand, we have the possibility of export/import, which is exactly for the
>>> use case of migration between different envs -
>>> https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.1/topics/export-import.html
>>>
>>> Marek
>>>
>>> On 24/08/16 00:10, John Bartko wrote:
>>>
>>> Hello all,
>>>
>>> I am attempting to export user federation providers and import them into a
>>> different Keycloak instance. The ldap example realm export
>>> <https://github.com/keycloak/keycloak/blob/master/examples/ldap/ldaprealm.json#L126-L152> *looks*
>>> like the web admin UI import can do what I need. After importing (step
>>> 3 in the example's readme
>>> <https://github.com/keycloak/keycloak/tree/master/examples/ldap#keycloak-example---ldap>)
>>> there are still no user federation providers configured nor any indication
>>> of an error.
>>>
>>> Similarly, when doing an export at WildFly server boot on a Keycloak
>>> instance with user federation configured, I do not see any trace of the
>>> provider in the export.
>>>
>>> Partial import of clients works fine. Is this the right way to go about
>>> persisting realm configuration across deploys/environments?
>>>
>>> Thanks,
>>> -John Bartko
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>>
>>
>
>
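
A check for the silent failure discussed in this thread, as an added example that is not part of the original messages or of the Keycloak project: it compares the realm export from the source instance with an export taken from the target after import and lists clients and user federation providers that did not arrive or arrived with a different config. The two sample documents are constructed, and identifying a provider by `providerName` plus `displayName` is an assumption.

```python
import json

# Constructed sample: trimmed realm export from the source instance
# (as written by -Dkeycloak.migration.action=export); values are made up.
SOURCE_EXPORT = json.loads("""
{"realm": "master",
 "clients": [{"clientId": "my-app"}],
 "userFederationProviders": [
   {"displayName": "corp-ldap", "providerName": "ldap", "priority": 1,
    "config": {"connectionUrl": "ldap://ldap.example.test:389",
               "usersDn": "ou=People,dc=example,dc=test"}}]}
""")

# Constructed sample: the target realm re-exported after an admin-console
# import that carried over the client but not the federation provider.
TARGET_EXPORT = json.loads("""
{"realm": "master",
 "clients": [{"clientId": "my-app"}],
 "userFederationProviders": []}
""")

# Sections to verify and the fields assumed to identify an entry in each.
SECTIONS = {
    "clients": ("clientId",),
    "userFederationProviders": ("providerName", "displayName"),
}

def _index(export, section, key_fields):
    """Map each entry of a top-level list section to its identity tuple."""
    return {tuple(e.get(f) for f in key_fields): e
            for e in export.get(section) or []}

def import_gaps(source, target):
    """Return {section: {"missing": [...], "changed": [...]}} for source
    entries that are absent from target or whose config differs."""
    report = {}
    for section, keys in SECTIONS.items():
        src = _index(source, section, keys)
        dst = _index(target, section, keys)
        missing = sorted((k for k in src if k not in dst), key=str)
        changed = sorted((k for k in src if k in dst and
                          src[k].get("config") != dst[k].get("config")), key=str)
        if missing or changed:
            report[section] = {"missing": missing, "changed": changed}
    return report

if __name__ == "__main__":
    print(json.dumps(import_gaps(SOURCE_EXPORT, TARGET_EXPORT), indent=2))
```
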

