Storage SPI user migration

When we migrate user to keycloak from external database, with User Storage Provider, we noticed that there is no password migrated to keycloak system from external system. That means that we could not get rid of the external system database, and make a switch to use migrated user data in keycloak. We would need to disturb a user to set a new password or something like that then. Is there a clear guide how we could migrate a user with its full credentials to keycloak, or is this not intended by keycloak design for this use case. If it is not intended by keycloak to be used like that, what would you suggest instead?

Thanks

1 Like

We found out that we can achieve that using
session.userCredentialManager().updateCredential(realm, user, cred);

Here are some related links that were helpful to us:


https://lists.jboss.org/pipermail/keycloak-user/2018-August/015111.html

We also want to point out, that you should be aware that if you implement importing/creating new user in getUserByUsername that you need to return that newly created user, otherwise it will not work as expected for you.

1 Like