
User Federation

Mambo edited this page Dec 27, 2024 · 3 revisions

You can use the User Storage SPI to write extensions to Keycloak to connect to external user databases and credential stores. Application developers can write implementations of the User Storage SPI to bridge the external user store and the internal user object model that Keycloak uses to log in users and manage them.

If the user is not found in Keycloak's own cache or local database, the runtime then loops through the User Storage SPI provider implementations, running the user query against each until one of them returns the user it is looking for. The provider queries the external user store for the user and maps the external data representation of the user to Keycloak’s user metamodel.

Keycloak ships Kerberos and LDAP providers for User Federation, but to use an external user database you have to implement a separate custom User Storage SPI.

  • org.keycloak.storage.UserStorageProvider
  • org.keycloak.storage.UserStorageProviderFactory
  • org.keycloak.storage.user.UserLookupProvider
  • org.keycloak.storage.user.UserQueryProvider
  • org.keycloak.storage.user.UserRegistrationProvider
  • org.keycloak.credential.CredentialInputValidator
  • org.keycloak.credential.CredentialInputUpdater

Packaging and deployment

Add a META-INF/services/org.keycloak.storage.UserStorageProviderFactory file to the classpath of the provider packaged as a JAR, and list in it the package and class of the UserStorageProvider implementation.
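
A pre-deployment check for the packaging step above, added here as an example (it is not part of the original page or of Keycloak): it opens a provider JAR, reads the service file, and confirms that every class the file declares is actually present in the archive. The `com.example` class names and the in-memory sample JARs are constructed for the demonstration.

```python
import io
import zipfile

SERVICE_ENTRY = "META-INF/services/org.keycloak.storage.UserStorageProviderFactory"


def check_provider_jar(jar):
    """Return (declared_classes, problems) for a provider JAR path or file object."""
    declared, problems = [], []
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        if SERVICE_ENTRY not in names:
            return declared, [f"missing {SERVICE_ENTRY}"]
        text = zf.read(SERVICE_ENTRY).decode("utf-8")
    for raw in text.splitlines():
        # java.util.ServiceLoader file format: '#' starts a comment, blank lines are skipped
        name = raw.split("#", 1)[0].strip()
        if not name:
            continue
        declared.append(name)
        class_entry = name.replace(".", "/") + ".class"
        if class_entry not in names:
            problems.append(f"{name}: {class_entry} not in JAR")
    if not declared:
        problems.append("service file declares no class")
    return declared, problems


def build_sample_jar(service_text, class_entries):
    """Build an in-memory JAR (constructed sample; entries are empty placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if service_text is not None:
            zf.writestr(SERVICE_ENTRY, service_text)
        for entry in class_entries:
            zf.writestr(entry, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    cls = "com/example/DemoUserStorageProviderFactory.class"  # hypothetical class
    ok = build_sample_jar("# demo\ncom.example.DemoUserStorageProviderFactory\n", [cls])
    typo = build_sample_jar("com.example.DemoUserStorageProviderFactroy\n", [cls])
    for label, jar in (("ok", ok), ("typo", typo)):
        print(label, check_provider_jar(jar))
```

Pass the path of a built provider JAR to `check_provider_jar` to run the same check on a real artifact; an empty problem list means the service entry and the declared classes line up.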