Storage SPI user migration

civerazdaM · January 22, 2020, 10:20am

When we migrate user to keycloak from external database, with User Storage Provider, we noticed that there is no password migrated to keycloak system from external system. That means that we could not get rid of the external system database, and make a switch to use migrated user data in keycloak. We would need to disturb a user to set a new password or something like that then. Is there a clear guide how we could migrate a user with its full credentials to keycloak, or is this not intended by keycloak design for this use case. If it is not intended by keycloak to be used like that, what would you suggest instead?

Thanks

civerazdaM · January 28, 2020, 8:32am

We found out that we can achieve that using
session.userCredentialManager().updateCredential(realm, user, cred);

Here are some related links that were helpful to us:

https://lists.jboss.org/pipermail/keycloak-user/2018-August/015111.html

We also want to point out, that you should be aware that if you implement importing/creating new user in getUserByUsername that you need to return that newly created user, otherwise it will not work as expected for you.

lsmith77 · January 24, 2024, 2:02pm

Do you have a current implementation of this that I could look at?

Topic		Replies	Views
Need input on authenticating a user in keycloak and there passwords stored in external systems Getting advice authentication	1	290	June 15, 2023
User storage SPI Getting advice	0	473	February 13, 2020
How to implement user's migration Getting advice	2	3840	September 24, 2022
Migrating users with existing password Getting advice	14	2648	March 7, 2024
External custom user storage but all credentials in Keycloak Getting advice	5	684	February 1, 2024

Storage SPI user migration

Related Topics