[keycloak-user] Multiple 'user' data-source ?
Marek Posolda
mposolda at redhat.com
Mon Feb 22 03:07:43 EST 2016
On 22/02/16 03:55, Sylvain Auger-Léger wrote:
> Hi,
>
> My company is aiming at building its own OpenId Connect provider, for
> our internal apps.
> Thus we are looking for an open source framework. KeyCloak seems very
> good.
>
> Unfortunatly, we have a problem, and I did not find if KeyCloak can
> solve it:
>
> Our 'users' are store in an AD directory or in a database (postgree).
> To sum up: if the user is not in the AD, then we should look in the
> databse .
So you have 2 sets of existing users, first set in AD and second set in
Postgres?
Yes, it is doable. You will need to write federationProvider for CRUD
users from/to your postgres database (See docs and examples for details
on how to create federationProvider). Then you can configure 2
federation providers in your realm, the first with bigger priority will
be LDAP/AD provider, the second will be your provider for postgres. We
already have support for LDAP/AD (Again see docs).
Marek
>
> Is this doable with Keylcloak??
>
> Thanks.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160222/f00da966/attachment.html
More information about the keycloak-user
mailing list