Integration of User-Management-Service to extend default User

Hi there,

In my A12 Application, I am trying to integrate User-Management. My goal is to extend the default User, stored on Keycloak, with an additional property that is stored in my own Database and synchronised with Keycloak. The User-Management-Service should be embedded in my existing Data Service (not standalone).
I was trying to follow the documentation (geta12 - user management) to achieve my goal, but so far I am unable to get my POC to work.

Here is what I have done so far:

  • Added uaa-user-management-user to my gradle dependencies
  • Created a custom User POJO that extends ExtendedUser and offers one additional String property called customProp
  • Added uaa-user-management-service to my gradle dependencies
  • Created a custom User-Extension DM that has the rootGroup extend and just one field (String) called customProp
  • Added role userManagementAdmin with the default access rights
  • Adjusted/Added the following application properties:
| Application property | Change |
| --- | --- |
| mgmtp.a12.dataservices.initialization.import.models.path | Added models from user-management-service (classpath:core/models) |
| mgmtp.a12.uaa.authorization.child-authorization-definitions | Added user-management authorization definitions (classpath:core/user-management-authorization.json) |
| mgmtp.a12.uaa.user-management.idp.url | Set to local keycloak address (currently on host “localhost” for development: http://localhost:8089) |
| mgmtp.a12.uaa.user-management.idp.realm-name | Set to the existing Realm name that is already used for all users |
| mgmtp.a12.uaa.user-management.idp.technical.username | Set to default value “keycloak_usermanagement_technical” |
| mgmtp.a12.uaa.user-management.um.technical.username | Set to a test-value |
| mgmtp.a12.uaa.user-management.um.technical.password | Set to a test-value |
| mgmtp.a12.uaa.user-management.um.extension-model-name | Set to the name of the custom User-Extension DM |

The result of my changes is that the server starts up successfully as usual and the additional models are imported correctly, but besides that, nothing happens. I can’t find any users in my DS DB, nor do I get any server-logs about issues.

My questions:

  • Am I missing steps or properties that I have not yet set?
  • Do I need to also add the “User Management Keycloak Extension” to enable the synchronisation?
  • Where am I supposed to find the Users in my dataservices DB once the setup is correct? (in table “documents”?)
  • When is the synchronisation triggered for the first time? Is it automatically synchronised on startup, so that right after, I should be able to find the users in my DB?

General Information:

I am using A12 components in version for 2023.06-ext4.

I’d be very happy to receive some hints in the right direction.

Hello,

Before I assist you further, I have a few questions:

Following the configuration and launch of your application, did you attempt to create a document using the UM module? If so, what was the outcome? Were there any error logs on the server or within the Keycloak instance?

Thanks for getting back to me.
I do not intend to use the user-management-module and therefore did not attempt to create a document using the module. Unfortunately I can’t provide the information you are looking for.

For a test-setup I tried creating a user using the endpoint /api/user/create. In this operation I get an error at the UserEventListener, specifically in afterCreateUser at the creation of the idpService User.
The error is thrown when a new Keycloak is built in getIDPClientInstance of BaseKeycloakService.java, but I can’t seem to find out if or where I am missing an application property, if that’s the issue.

Error is thrown at line 62 of BaseKeycloakService.java: