migrating from drupal to keycloak .. is this possible ?

[Kristoff]

Hi all,

I am completely new to keycloak (ok, apart from watching some videos on the topic and installing a docker-instance to test it).

Before I spend a lot of  much time learning keycload, I would like to ask this question to know if what we need is possible in keycloak or not. (I did check the online archive. I did find some info but I do not know how to interpret it, so please excuse my question :-) )


Our situation is this: We have a website on Drupal (just upgraded from Drupal 7 to Drupal 9), with the user password hashes in the Drupal database. (some still in Drupal 7 format, others in Drupal 9 format)
We would like to move a keycloak for user-authentication so we can set up SSO with other applications, like nextcloud and synapse (matrix chat-server),


Is there a way to migrate the user authentication from Drupal to keycloak without requiring that all the users need to create a new password?


I found this "keycloak user migration plugin" (*) but this code is 4 years old, and I do not really understand how to interpret this.
Would this work in this scenario? Has somebody already done this?


Sorry to ask. I just like to understand what are the possibilities of keycloak before I start watching hours of youtube videos :-)



Many thanks in advance.

Kr, Bonne.


(*) https://github.com/daniel-frak/keycloak-user-migration

[Lars Van Casteren]

Hello Kristoff, 

I did something similar, it wasn't Drupal but underneath it's just all the same. 

This thread helped me: https://groups.google.com/g/keycloak-user/c/GVL34nsfN4I/m/jfwfNgchBAAJ

Gr,

L

[Kristoff]

Hi Lars,


Thanks for confirming.

I'm still trying to "decode" what exactly that post means (:- ) ) but I understand that it is possible; so it is worth investing the  time to understand this.
From what i understand, I'll need to write some code myself, .. which is not the end of the world.

This solution does seems to be different from the github code by Daniel Frak that I found before. If I understand that README correctly, that repo talks about wrapping a REST-API server on top of a Drupal password verification server. But I guess, in the end, both methods are in essence the same thing, only implemented differently


Anycase, thanks for the feedback.
Now I know that is possible to do so I'll start watching some videos first :-)


Kr. Bonne.

Op 16.03.23 om 21:22 schreef Lars Van Casteren:

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/8f3642e7-bd54-45da-b25e-583e2d91ea35n%40googlegroups.com.

[Lars Van Casteren]

The keycloak-user-migration repo you mention seems a much more elegant option and probably a lot less coding yourself, you just need the Drupal rest service to verify users.

It's compatible with recent Keycloak 20.x (Nov/2022) version so it's pretty recent and well maintained, I'm adding it to my list of Keycloak tools that can come in handy ;) 

The only downside is that you have to keep Drupal online until all, or an acceptable amount, of users have logged in at least once. The more low-level approach would allow you to do a one-shot migration and not maintain both Drupal/KC, but that's not really an issue.