堆栈内存溢出
  简体   繁体   English

使用 keycloak UserStorageProvider SPI 的问题

[英]problem using a keycloak UserStorageProvider SPI

 原文  2019-07-11 14:11:34       java/ keycloak

问题描述

I have implemented a custom Keycloak UserStorageProvider SPI (following point 11 of official Doc: https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi ) which does following:我已经实现了一个自定义 Keycloak UserStorageProvider SPI(遵循官方文档的第 11 点: https ://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi),它执行以下操作:

  1. Authenticate users (not previously existing on the local store) against an external auth service.针对外部身份验证服务对用户(以前不存在于本地商店)进行身份验证。
  2. Save the (successfully authenticated against our custom service) user into the Keycloak local store.将(已成功通过我们的自定义服务进行身份验证)用户保存到 Keycloak 本地存储中。
  3. After the users have been imported on keycloak's local store (after users successfully loged themselves in), the admins are then able to map roles to those users for resource authorization from keycloak's admin console.在将用户导入 keycloak 的本地存储后(用户成功登录后),管理员可以将角色映射到这些用户,以便从 keycloak 的管理控制台进行资源授权。

The problem I'm running into is following: Step 1 and 2 work perfectly.我遇到的问题如下:第 1 步和第 2 步工作正常。 And regarding step 3, I can log myself successfully with a user that was saved on the keycloak's local store (after finding it on the external UserProvider), BUT (an here lies the crux of the problem);关于第 3 步,我可以使用保存在 keycloak 本地存储中的用户成功登录(在外部 UserProvider 上找到它之后),但是(这里是问题的症结所在); as soon as I add any role to that imported user, then I can't log myself anymore into that account and the logs show that my custom UserStorageProvider isn't being used anymore from that point onwards when login for that user.一旦我向该导入的用户添加任何角色,我就无法再将自己登录到该帐户,并且日志显示从该用户登录时起不再使用我的自定义 UserStorageProvider。 Somehow attaching a role to that user makes him invisible to my custom UserStorageProvider (even if I delete the role/(s) again).以某种方式将角色附加到该用户使他对我的自定义 UserStorageProvider 不可见(即使我再次删除该角色)。

In the best case scenario I'm trying to achieve, I'd be able to "log in" with the user (saved locally after authenticated form external SPI), even after assigning roles to him.在我试图实现的最佳情况下,即使在为用户分配角色后,我也能够与用户“登录”(在通过外部 SPI 身份验证后保存在本地)。

Any feedback would be greatly appreciated!!任何反馈将不胜感激!

Thanks in advance for your suggestions.预先感谢您的建议。

1 个解决方案

解决方案1
 2 已采纳  2019-08-08 06:23:48

In the case somebody has this problem in the future, when you implement a provider SPI, you have 2 options as the doc mentions.如果将来有人遇到此问题,当您实现提供程序 SPI 时,您有 2 个选项,如文档所述。 Federated Store and importing users to the local Keycloak store.联合存储并将用户导入本地 Keycloak 存储。 If you go with the importing/synching strategy, it is necessary to set federation link to the provider like this:如果您采用导入/同步策略,则有必要像这样设置到提供者的联合链接:

<UserModel instance>.setFederationLink(<ComponentModel id>);

If you don't do this, then Keycloak can't "remember" that those imported users should be handled by your provider SPI, and in general you won't have the expected behaviour out of your custom Provider SPI.如果您不这样做,那么 Keycloak 将无法“记住”那些导入的用户应该由您的提供者 SPI 处理,并且通常您不会从自定义的提供者 SPI 中获得预期的行为。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 实施自定义Keycloak身份验证器SPI时出现问题 - Problem Implementing a custom Keycloak Authenticator SPI 客户端策略的keycloak SPI? - keycloak SPI for client policy? 在 Keycloak 中实现自定义 SPI - Implement custom SPI in Keycloak 使用用户 SPI 在 Keycloak 中为外部用户分配角色 - Assigning Roles to external User in Keycloak Using User SPI Keycloak Authenticator SPI 示例不起作用 - Keycloak Authenticator SPI example not working 带有 PostgreSQL 驱动程序的 Keycloak 中的 UserStorage SPI - UserStorage SPI in Keycloak with PostgreSQL driver Keycloak 用户存储 SPI 实现 - Keycloak User Storage SPI Implementation Keycloak-6.0.1自定义身份验证器SPI - Keycloak-6.0.1 Custom Authenticator SPI Keycloak - 自定义 SPI 未出现在列表中 - Keycloak - Custom SPI does not appear in list Keycloak:从自定义端点 (SPI) 发送 AdminEvent - Keycloak: Send AdminEvent from custom Endpoint (SPI)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM