[keycloak-user] Keycloak JPA UserFederation Adapter in multiple realms with different Datasource names

Niels Bertram nielsbne at gmail.com
Sat Feb 10 07:38:50 EST 2018


Hi Marek,

Using an application-managed EntityManagerFactory appears to be working. I
created a UserStorageProviderFactory that is managing an entity manager
factory, and when I use the entity manager in the UserStorageProvider the
transaction is managed by the container transaction manager that also
manages the Keycloak transactions. Why am I certain about that? Had a few
errors in the beginning about 2 datasources trying to enroll as last resort.

The main ingredients are in this gist.

https://gist.github.com/bertramn/cbc4eec5e7b13e28099f4165a0c15b29


The trick is to tell Hibernate
<https://gist.github.com/bertramn/cbc4eec5e7b13e28099f4165a0c15b29#file-customuserstorageproviderfactory-java-L117>
where to get the JTA platform transaction manager from.

Does that look about right? I have a feeling it could be simplified with
some CDI magic ...

Cheers Niels


On Sat, Feb 10, 2018 at 12:26 AM, Niels Bertram <nielsbne at gmail.com> wrote:

> Yes studied that one before asking the question, it's close but not close
> enough. I think I will get away with creating an application managed
> persistence context with container managed transaction. Then in the
> provider factory I will read the DataSource name from config and create the
> entity transaction manager. Am just not too sure if it'll work with the
> things you do in Keycloak to access these provider EJBs. I kinda need 1
> stateful session bean for each provider instance added to the realm and
> that needs its own EntityManagerFactory which enrolls the entity manager in
> the JTA from Keycloak. Will report back if I can get something working.
> Thanks Niels
>
> On Sat, Feb 10, 2018 at 12:18 AM, Marek Posolda <mposolda at redhat.com>
> wrote:
>
>> I suggest to look at this example:
>> https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa
>>
>> AFAIK it's probably the closest thing to your use case, which we have.
>>
>> Marek
>>
>> On 8.2.2018 at 17:49 Niels Bertram wrote:
>>
>>> Hi there,
>>>
>>> We have a requirement to set the JNDI datasource name on a UserFederation
>>> provider when added to a realm to support connecting different realms in
>>> the same Keycloak server to different databases. Been through the
>>> examples and read a few emails from around 2016 in the developer list but
>>> do not find anyone who'd actually done this before. We could create a user
>>> managed EntityManagerFactory within the federation provider factory but
>>> the question is then how can we inject it into the container context and
>>> enlist our transactions in the JTA?
>>>
>>> Has anyone ever had to implement something like that?
>>>
>>> Cheers,
>>> Niels
>>
>>
>>
>
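
The approach described at the top of this message (an application-managed EntityManagerFactory per provider instance, with Hibernate pointed at the container's JTA platform) could look like the following. This is an added example, not the code from the linked gist or from Keycloak; the class name, the persistence unit `user-store`, the config key `jndiName`, the allowed JNDI prefix and the choice of `JBossAppServerJtaPlatform` are assumptions for a WildFly-based Keycloak using `javax.persistence`.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import org.keycloak.component.ComponentModel;

/** Added sketch: one EntityManagerFactory per federation provider instance. */
public class PerComponentEmfRegistry {
    // Assumptions: unit name, config key and JNDI prefix are illustrative.
    static final String UNIT = "user-store";      // declared in META-INF/persistence.xml
    static final String CONFIG_KEY = "jndiName";  // set per provider instance in the realm
    static final String ALLOWED_PREFIX = "java:jboss/datasources/";

    private final Map<String, EntityManagerFactory> factories = new ConcurrentHashMap<>();

    /** Properties that override persistence.xml for one provider instance. */
    static Map<String, Object> jtaProperties(String jndiName) {
        // The name comes from realm configuration; only accept container datasources.
        if (jndiName == null || !jndiName.startsWith(ALLOWED_PREFIX)) {
            throw new IllegalArgumentException("datasource must be under " + ALLOWED_PREFIX);
        }
        Map<String, Object> props = new HashMap<>();
        props.put("javax.persistence.transactionType", "JTA");
        props.put("javax.persistence.jtaDataSource", jndiName);
        // Tells Hibernate where to find the WildFly/JBoss transaction manager.
        props.put("hibernate.transaction.jta.platform",
                "org.hibernate.engine.transaction.jta.platform.internal.JBossAppServerJtaPlatform");
        return props;
    }

    /** Keyed by component id, so realms with different datasources never share a factory. */
    public EntityManagerFactory forComponent(ComponentModel model) {
        return factories.computeIfAbsent(model.getId(), id ->
                Persistence.createEntityManagerFactory(UNIT,
                        jtaProperties(model.getConfig().getFirst(CONFIG_KEY))));
    }

    /** Created inside the active JTA transaction, the entity manager joins it. */
    public EntityManager open(ComponentModel model) {
        return forComponent(model).createEntityManager();
    }

    /** Call when the provider is removed or reconfigured, and on factory shutdown. */
    public void close(String componentId) {
        EntityManagerFactory emf = factories.remove(componentId);
        if (emf != null) emf.close();
    }
}
```

A `UserStorageProviderFactory` would hold one such registry and call `open(model)` from `create(KeycloakSession, ComponentModel)`; closing the factory for a component when its configuration changes keeps a stale datasource binding from outliving the change.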

