Sagar Chilukuri

Reputation: 1448

Keycloak User federation using existing MySQL database for users authentication

I am trying to set up a Keycloak server for our organisation. I have a couple of questions.

  1. How can we use our existing user database to authenticate users (User Federation)? Keycloak only has LDAP/Kerberos options. Is there any custom plugin which can be used for MySQL user authentication, or can we use the existing connectors themselves (LDAP/Kerberos) via some adapter for the database?
  2. Is it possible to have multiple identity providers within a Keycloak environment (have Keycloak as the IDP for a few services, and the Keycloak Google IDP for other services)?

I have followed the official documentation, but for some reason I am not able to view the content of the link. Any helpful links to a proper guide would be great.

Upvotes: 15

Views: 40850

Answers (3)

Batuhan

Reputation: 503

Check Keycloak Custom User Federation

It means using a different data source (or process) during Keycloak username/password login.

See:

  1. https://github.com/keycloak/keycloak/blob/main/docs/documentation/server_development/topics/user-storage/simple-example.adoc
  2. https://tech.smartling.com/migrate-to-keycloak-with-zero-downtime-8dcab9e7cb2c github => (https://github.com/Smartling/keycloak-user-migration-provider)

The first link explains how to configure an external DB for Keycloak.

The second link (needs changes): this example can be changed like this:

  • you can create a custom federation implementation,
  • it will call your service,
  • your service will query your DB,
  • your service will respond with the result.

The second example (my suggestion) abstracts your custom code (federation process, your service) from Keycloak. Keycloak only calls your service; everything else is your implementation.

Upvotes: 11

Vinicius Uriel

Reputation: 146

I answered a similar question regarding existing database users and Keycloak authentication (link here).

I published my own solution as a multi-RDBMS implementation (Oracle, MySQL, PostgreSQL, SQL Server) to solve simple database federation needs, supporting bcrypt and several types of hashes.

It is a configurable Keycloak custom provider; you will only need to set some SQL queries and it is ready to use.

It is already compatible with the new Keycloak Quarkus deployment.

Feel free to clone, fork, contribute or do whatever you need to solve your issue.

GitHub repo:

https://github.com/opensingular/singular-keycloak-database-federation

Upvotes: 7

tom

Reputation: 1845

You should implement your own User Storage SPI to integrate your MySQL DB as an external user storage DB:

https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi

Upvotes: 10
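
The password-check part of a User Storage SPI provider backed by an existing MySQL table, as an added example that is not from any of the answers above or from the Keycloak project. The class name, the `users` table with its `pw_salt`/`pw_hash`/`pw_iter` columns and the PBKDF2-HMAC-SHA256 hash scheme are assumptions; it targets a recent Keycloak server SPI and covers credential validation only (user lookup and the provider factory are separate interfaces).

```java
import java.security.MessageDigest;
import java.sql.*;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.sql.DataSource;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.storage.UserStorageProvider;

// Hypothetical provider class: validates Keycloak password logins against a legacy table.
public class MySqlPasswordValidator implements UserStorageProvider, CredentialInputValidator {
    // Assumed schema: users(username, pw_salt, pw_hash, pw_iter); salt and hash are base64.
    private static final String SQL =
        "SELECT pw_salt, pw_hash, pw_iter FROM users WHERE username = ?";
    private final DataSource ds;

    public MySqlPasswordValidator(DataSource ds) { this.ds = ds; }

    @Override public boolean supportsCredentialType(String type) {
        return PasswordCredentialModel.TYPE.equals(type);
    }
    @Override public boolean isConfiguredFor(RealmModel realm, UserModel user, String type) {
        return supportsCredentialType(type);
    }
    @Override public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        if (!supportsCredentialType(input.getType())) return false;
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, user.getUsername());  // bound parameter, never string-concatenated
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;     // unknown user
                byte[] salt = Base64.getDecoder().decode(rs.getString("pw_salt"));
                byte[] want = Base64.getDecoder().decode(rs.getString("pw_hash"));
                PBEKeySpec spec = new PBEKeySpec(input.getChallengeResponse().toCharArray(),
                        salt, rs.getInt("pw_iter"), want.length * 8);
                byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                        .generateSecret(spec).getEncoded();
                return MessageDigest.isEqual(want, got);  // constant-time comparison
            }
        } catch (Exception e) {
            return false;  // fail closed on database, decoding or crypto errors
        }
    }
    @Override public void close() { }
}
```

Give the database account behind the `DataSource` read-only access to the credential columns it needs, so a flaw in the provider cannot be used to modify the legacy user table.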
