[keycloak-user] Moving from two legacy identity systems to keycloak

Leandro Nunes leandronunes85 at gmail.com
Tue Feb 12 13:26:35 EST 2019


I recently joined a company as a software developer. The company has merged
with another one a couple of years ago and that lead to lot of migration
problems. We are now looking into unifying our user base under the same
store and provide a single login/password for all products.

With this in mind I started looking for a solution that would help us: and
I found keycloak.

I have been playing around with it but the truth is that I’m not very
confident on how to approach such Herculean task. I have thought of a
couple of options:
1) build a spi for each legacy systems and let keycloak talk with such
systems for current users but register new users on keycloak’s own data
2) have my legacy systems programmatically create a new user on keycloak
every time someone logs in (as in slowly migrating users from the legacy
datastores into keycloak).

Bear in mind that either way I need to still be able to expose at least the
original Id for the users on keycloak so that other systems that rely on
them can still work.

Any help around this is much appreciated!

Leandro Nunes

More information about the keycloak-user mailing list