[keycloak-user] How to migrate users and roles from in-house storage

Paulo Pires pires at littlebits.cc
Thu Jul 21 07:03:11 EDT 2016


It's working like a charm :)

Some things I learned:
* Need to import resteasy deps for keycloak-admin-cli explicitly
* Methods won't return errors but will throw InvocationTargetException
(must be checked)

Question: is there a way to set default roles? I can't seem to find it in
the Java code but it is available through REST.

Thanks,
Pires

On Thu, Jul 21, 2016 at 8:47 AM Paulo Pires <pires at littlebits.cc> wrote:

> Thank you Bruno, I haven't been able to verify your code but I assume
> you're sharing it because it works.
>
> It seems pretty trivial, awesome!
>
> Cheers,
> Pires
>
> On Wed, Jul 20, 2016 at 9:30 PM Bruno Oliveira <bruno at abstractj.org>
> wrote:
>
>> Note sure if it helps, but an example about how to do it
>> programatically is here[1].
>>
>> I just adapted from the admin-client[2].
>>
>>
>> [1] - https://gist.github.com/abstractj/78b127e8c9273cdcea6eb82a1cfc153c
>> [2] -
>> https://github.com/keycloak/keycloak/tree/master/examples/admin-client
>>
>> On 2016-07-20, Paulo Pires wrote:
>> > I did check the admin-cli JAR but it's not clear how to add roles and
>> > users, or if it's even implemented (I did check the REST API and there's
>> > endpoints for that).
>> >
>> > Thank you very much for clarifying,
>> > Pires
>> >
>> > On Wed, Jul 20, 2016 at 2:52 PM Stian Thorgersen <sthorger at redhat.com>
>> > wrote:
>> >
>> > > Yep, take a look at
>> > >
>> https://keycloak.gitbooks.io/server-developer-guide/content/topics/admin-rest-api.html
>> > >
>> > > On 20 July 2016 at 15:33, Paulo Pires <pires at littlebits.cc> wrote:
>> > >
>> > >> More than 150k. Is there a Java library for the REST api?
>> > >>
>> > >> On Jul 20, 2016 13:56, "Stian Thorgersen" <sthorger at redhat.com>
>> wrote:
>> > >>
>> > >>> Depending on the amount of users I'd use either partial import
>> through
>> > >>> the admin console (if you don't have more than a thousand or so
>> users) or
>> > >>> use the admin REST endpoints if you have quite a lot of users.
>> > >>>
>> > >>> On 20 July 2016 at 11:52, Paulo Pires <pires at littlebits.cc> wrote:
>> > >>>
>> > >>>> Hi all,
>> > >>>>
>> > >>>> I'm in the process of migrating from an in-house user-role storage
>> to
>> > >>>> Keycloak and I'm looking for programmatic (Java) ways to migrate
>> all
>> > >>>> current users to the new storage. And I need your help to figure
>> out the
>> > >>>> best approach.
>> > >>>>
>> > >>>> At first, when reading KC documentation, I believed I could easily
>> > >>>> achieve this by implementing a User Federation provider but after
>> diving a
>> > >>>> little more into it, and looking for examples, I can't see a way
>> to migrate
>> > >>>> all users on-demand but simply one user at a time, possible during
>> log-in.
>> > >>>>
>> > >>>> Next, I tried and look into ways, such as admin-cli, REST, etc but
>> > >>>> nothing strikes me as the solution to use.
>> > >>>>
>> > >>>> Here's what I was hoping to deliver:
>> > >>>> * Get all roles and users from my soon-to-be deprecated storage,
>> e.g.
>> > >>>> MySQL tables
>> > >>>> * Add roles to KC
>> > >>>> * Iterate users and add user to KC + map roles + update password
>> hashes
>> > >>>> (here I know I need to implement a HashProvider)
>> > >>>>
>> > >>>> Any hints will be appreciated!
>> > >>>>
>> > >>>> Pires
>> > >>>>
>> > >>>> _______________________________________________
>> > >>>> keycloak-user mailing list
>> > >>>> keycloak-user at lists.jboss.org
>> > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> > >>>>
>> > >>>
>> > >>>
>> > >
>>
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> --
>>
>> abstractj
>> PGP: 0x84DC9914
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160721/cadd0c6a/attachment-0001.html 


More information about the keycloak-user mailing list