[keycloak-user] [Feature request] Adding scheduled tasks / change order of required actions / searchable user attributes

Fri Jan 5 03:08:18 EST 2018

On Thu, Jan 4, 2018 at 9:17 PM Marek Posolda <mposolda at redhat.com> wrote:

> On 04/01/18 15:12, Tomás García wrote:
> > Hi,
> >
> >     I'm trying to fulfill the needs of the GDPR of my company in Keycloak
> > and I noticed these things:
> >
> > - I cannot add a scheduled task. I don't know where to put code like you
> > have in KeycloakApplication like:
> >              TimerProvider timer =
> session.getProvider(TimerProvider.class);
> >              timer.schedule(new
> > ClusterAwareScheduledTaskRunner(sessionFactory, new ClearExpiredEvents(),
> > interval), interval, "ClearExpiredEvents");
> >
> > , so I can add a recurrent task starting from the startup of Keycloak. My
> > use case is that I want to remove users that didn't verify their email or
> > accepted terms & conditions after a week of first registration. So I was
> > thinking to add a task to be run daily to do that.
> There are ways to do that indirectly. For example, you can create custom
> provider of any type and add this to the "postInit" method here. But
> rather listen to the PostMigrationEven to ensure that tasks are
> triggered after
> the DB migration is finished. See for example
> InfinispanAuthenticationSessionProviderFactory.postInit for inspiration.
> >
>

Thanks!

> - The order of required actions execution is in alphabetical order, so if
> I
> > wanted a custom required action to be run after the "Verify email"
> action I
> > need to be sure that the name of my custom required action starts with
> "W"
> > at least. An UI interface like what we already have in the Authenticators
> > part would be nice.
> +1 that it would be nice. On the other hand, is it a big issue to create
> the action starting with "W" ?
>
> Feel free to create JIRA for add priority to requiredActions, just not
> sure when it will be done (unless you send PR by yourself :)
> >
>

Absolutely not :D I'll do that in the mean time. I'll create the JIRA issue
too.

> - There are no facilities inside Keycloak to search users with a specific
> > attribute key or value. It would be nice too to have long integers as
> > attibute values, in case we want to search for users with greater / less
> > than a specific timestamp attribute like the one you use in the terms &
> > conditions required action. For example, for the removal task, I'd like
> to
> > search for users without a custom attribute, then I'll remove those. I
> > guess I'll just extend the data model if needed to workaround this issue.
> There is model method for search by attribute -
> UserProvider.searchForUserByUserAttribute . There is no REST endpoint,
> but you can create your own custom REST endpoint for this though if you
> need it. But if you need to use this from your requiredAction, it should
> work fine.
> >
>

I missed that! Thanks.

> - If someone declines the terms & conditions, the user is redirected to a
> > blank page with an "error" in the screen. I don't care about this since
> I'm
> > going to make my custom required action if I can find an alternative for
> > the things I'm saying above.
> >
> > If I'm wrong about something, please let me know.
> >
>

I forgot to say I'll open a JIRA for this too anyway.

> Thanks,
> > Tomás
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>