[keycloak-user] [Feature request] Adding scheduled tasks / change order of required actions / searchable user attributes

Marek Posolda mposolda at redhat.com
Thu Jan 4 16:17:01 EST 2018


On 04/01/18 15:12, Tomás García wrote:
> Hi,
>
>     I'm trying to fulfill the needs of the GDPR of my company in Keycloak
> and I noticed these things:
>
> - I cannot add a scheduled task. I don't know where to put code like you
> have in KeycloakApplication like:
>              TimerProvider timer = session.getProvider(TimerProvider.class);
>              timer.schedule(new
> ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredEvents(),
> interval), interval, "ClearExpiredEvents");
>
> , so I can add a recurrent task starting from the startup of Keycloak. My
> use case is that I want to remove users that didn't verify their email or
> accepted terms & conditions after a week of first registration. So I was
> thinking to add a task to be run daily to do that.
There are ways to do that indirectly. For example, you can create custom 
provider of any type and add this to the "postInit" method here. But 
rather listen to the PostMigrationEven to ensure that tasks are 
triggered after
the DB migration is finished. See for example 
InfinispanAuthenticationSessionProviderFactory.postInit for inspiration.
>
> - The order of required actions execution is in alphabetical order, so if I
> wanted a custom required action to be run after the "Verify email" action I
> need to be sure that the name of my custom required action starts with "W"
> at least. An UI interface like what we already have in the Authenticators
> part would be nice.
+1 that it would be nice. On the other hand, is it a big issue to create 
the action starting with "W" ?

Feel free to create JIRA for add priority to requiredActions, just not 
sure when it will be done (unless you send PR by yourself :)
>
> - There are no facilities inside Keycloak to search users with a specific
> attribute key or value. It would be nice too to have long integers as
> attibute values, in case we want to search for users with greater / less
> than a specific timestamp attribute like the one you use in the terms &
> conditions required action. For example, for the removal task, I'd like to
> search for users without a custom attribute, then I'll remove those. I
> guess I'll just extend the data model if needed to workaround this issue.
There is model method for search by attribute - 
UserProvider.searchForUserByUserAttribute . There is no REST endpoint, 
but you can create your own custom REST endpoint for this though if you 
need it. But if you need to use this from your requiredAction, it should 
work fine.
>
> - If someone declines the terms & conditions, the user is redirected to a
> blank page with an "error" in the screen. I don't care about this since I'm
> going to make my custom required action if I can find an alternative for
> the things I'm saying above.
>
> If I'm wrong about something, please let me know.
>
> Thanks,
> Tomás
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list