topic Configuring keycloak backend db which is postgreSQL with nuxeo as user/group directory in Nuxeo Forum https://connect.hyland.com/t5/nuxeo-forum/configuring-keycloak-backend-db-which-is-postgresql-with-nuxeo/m-p/315687#M2688 <P>I wanted to point nuxeo to keycloak's backend db which is PostgreSQL for user/group directory For this I defined below extensions</P> <OL> <LI>sql datasource</LI> </OL> <PRE><CODE class="language-xml">&lt;?xml version="1.0"?&gt; &lt;component name="postgre.keycloak.datasource.config" version = "1.0"&gt; &lt;require&gt;org.nuxeo.runtime.datasource.server.contrib&lt;/require&gt; &lt;extension target="org.nuxeo.runtime.datasource" point="datasources"&gt; &lt;datasource name="jdbc/testdb" driverClassName="org.postgresql.Driver" maxPoolSize="20" minPoolSize="5" blockingTimeoutMillis="10000"&gt; &lt;property name="url"&gt;jdbc:postgresql://&lt;host&gt;:&lt;port&gt;/testdb &lt;/property&gt; &lt;property name="username"&gt;user&lt;/property&gt; &lt;property name="password"&gt;*****&lt;/property&gt; &lt;/datasource&gt; &lt;/extension&gt; &lt;/component&gt; </CODE></PRE> <OL start="2"> <LI>SQL directory configuration for user as well group</LI> </OL> <PRE><CODE class="language-xml">&lt;?xml version="1.0"?&gt; &lt;component name="custom.directory.sql.config" version = "1.0"&gt; &lt;require&gt;org.nuxeo.ecm.directory.sql.SQLDirectoryFactory&lt;/require&gt; &lt;require&gt;postgre.keycloak.datasource.config&lt;/require&gt; &lt;extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory" point="directories"&gt; &lt;directory name="demoUserSQLDirectory"&gt; &lt;schema&gt;user&lt;/schema&gt; &lt;dataSource&gt;testdb&lt;/dataSource&gt; &lt;table&gt;keycloak_user&lt;/table&gt; &lt;idField&gt;username&lt;/idField&gt; &lt;autoincrementIdField&gt;false&lt;/autoincrementIdField&gt; &lt;dataFile&gt;&lt;/dataFile&gt; &lt;createTablePolicy&gt;never&lt;/createTablePolicy&gt; &lt;querySizeLimit&gt;15&lt;/querySizeLimit&gt; &lt;references&gt; &lt;inverseReference directory="demoGroupSQLDirectory" dualReferenceField="members" field="groups"/&gt; &lt;/references&gt; &lt;/directory&gt; &lt;directory name="demoGroupSQLDirectory"&gt; &lt;schema&gt;group&lt;/schema&gt; &lt;dataSource&gt;testdb&lt;/dataSource&gt; &lt;table&gt;keycloak_group&lt;/table&gt; &lt;idField&gt;groupname&lt;/idField&gt; &lt;dataFile&gt;&lt;/dataFile&gt; &lt;createTablePolicy&gt;never&lt;/createTablePolicy&gt; &lt;autoincrementIdField&gt;false&lt;/autoincrementIdField&gt; &lt;references&gt; &lt;tableReference dataFile="" directory="demoUserSQLDirectory" field="members" schema="user2group" sourceColumn="groupId" table="keycloak_user_group" targetColumn="userId"/&gt; &lt;!--&lt;tableReference directory="demoGroupSQLDirectory" field="subGroups" schema="group2group" sourceColumn="child_role" table="composite_role" targetColumn="composite"/&gt;&lt;inverseReference directory="demoGroupSQLDirectory" dualReferenceField="subGroups" field="parentGroups"/&gt; --&gt; &lt;/references&gt; &lt;/directory&gt; &lt;/extension&gt; &lt;extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager"&gt; &lt;userManager&gt; &lt;users&gt; &lt;directory&gt;demoUserSQLDirectory&lt;/directory&gt; &lt;/users&gt; &lt;groups&gt; &lt;directory&gt;demoGroupSQLDirectory&lt;/directory&gt; &lt;/groups&gt; &lt;defaultAdministratorId&gt;administrator&lt;/defaultAdministratorId&gt; &lt;defaultGroup&gt;custom_group&lt;/defaultGroup&gt; &lt;/userManager&gt; &lt;/extension&gt; &lt;/component&gt; </CODE></PRE> <UL> <LI>Here I tried to execute search query on user using username, I faced below exception org.postgresql.util.PSQLException: ERROR: column "firstName" does not exist</LI> <LI>And when I went through the code of org.nuxeo.ecm.directory.sql.SQLSQLDirectory, nuxeo looks for schema attributes in database table (e.g select username, email, firstName, lastName from ....). But as here, the column names are different in keycloak from nuxeo schema attributes, the search is failing.</LI> </UL> <P>Can any please suggest how I handle the above scenario where schema of user/group differs in nuxeo and database tables?</P> <P>P.S.</P> <UL> <LI>In ldap directory configuration, the mapping between ldap attribute and nuxeo schema attribute can be added using tag <CODE>&lt;fieldMapping&gt;</CODE></LI> <LI>e.g for username, <CODE>&lt;fieldMapping name="username"&gt;cn&lt;/fieldMapping&gt; </CODE> Such tag is not supported in SQLDirectoryDescriptor</LI> </UL> <PRE><CODE class="language-xml">&lt;users&gt; &lt;directory&gt;demoUserSQLDirectory&lt;/directory&gt; &lt;/users&gt; &lt;groups&gt; &lt;directory&gt;demoGroupSQLDirectory&lt;/directory&gt; &lt;/groups&gt; </CODE></PRE> <UL> <LI>I overrode the user and group schema using contributions and the schema is getting overridden successfully</LI> <LI>But during initialization of nuxeo, the SQLDirectory is picking up the default directory definition and failing as default schema is changed</LI> </UL> Mon, 01 Jul 2019 05:12:13 GMT Ravindra_Nalavd 2019-07-01T05:12:13Z Configuring keycloak backend db which is postgreSQL with nuxeo as user/group directory https://connect.hyland.com/t5/nuxeo-forum/configuring-keycloak-backend-db-which-is-postgresql-with-nuxeo/m-p/315687#M2688 <P>I wanted to point nuxeo to keycloak's backend db which is PostgreSQL for user/group directory For this I defined below extensions</P> <OL> <LI>sql datasource</LI> </OL> <PRE><CODE class="language-xml">&lt;?xml version="1.0"?&gt; &lt;component name="postgre.keycloak.datasource.config" version = "1.0"&gt; &lt;require&gt;org.nuxeo.runtime.datasource.server.contrib&lt;/require&gt; &lt;extension target="org.nuxeo.runtime.datasource" point="datasources"&gt; &lt;datasource name="jdbc/testdb" driverClassName="org.postgresql.Driver" maxPoolSize="20" minPoolSize="5" blockingTimeoutMillis="10000"&gt; &lt;property name="url"&gt;jdbc:postgresql://&lt;host&gt;:&lt;port&gt;/testdb &lt;/property&gt; &lt;property name="username"&gt;user&lt;/property&gt; &lt;property name="password"&gt;*****&lt;/property&gt; &lt;/datasource&gt; &lt;/extension&gt; &lt;/component&gt; </CODE></PRE> <OL start="2"> <LI>SQL directory configuration for user as well group</LI> </OL> <PRE><CODE class="language-xml">&lt;?xml version="1.0"?&gt; &lt;component name="custom.directory.sql.config" version = "1.0"&gt; &lt;require&gt;org.nuxeo.ecm.directory.sql.SQLDirectoryFactory&lt;/require&gt; &lt;require&gt;postgre.keycloak.datasource.config&lt;/require&gt; &lt;extension target="org.nuxeo.ecm.directory.sql.SQLDirectoryFactory" point="directories"&gt; &lt;directory name="demoUserSQLDirectory"&gt; &lt;schema&gt;user&lt;/schema&gt; &lt;dataSource&gt;testdb&lt;/dataSource&gt; &lt;table&gt;keycloak_user&lt;/table&gt; &lt;idField&gt;username&lt;/idField&gt; &lt;autoincrementIdField&gt;false&lt;/autoincrementIdField&gt; &lt;dataFile&gt;&lt;/dataFile&gt; &lt;createTablePolicy&gt;never&lt;/createTablePolicy&gt; &lt;querySizeLimit&gt;15&lt;/querySizeLimit&gt; &lt;references&gt; &lt;inverseReference directory="demoGroupSQLDirectory" dualReferenceField="members" field="groups"/&gt; &lt;/references&gt; &lt;/directory&gt; &lt;directory name="demoGroupSQLDirectory"&gt; &lt;schema&gt;group&lt;/schema&gt; &lt;dataSource&gt;testdb&lt;/dataSource&gt; &lt;table&gt;keycloak_group&lt;/table&gt; &lt;idField&gt;groupname&lt;/idField&gt; &lt;dataFile&gt;&lt;/dataFile&gt; &lt;createTablePolicy&gt;never&lt;/createTablePolicy&gt; &lt;autoincrementIdField&gt;false&lt;/autoincrementIdField&gt; &lt;references&gt; &lt;tableReference dataFile="" directory="demoUserSQLDirectory" field="members" schema="user2group" sourceColumn="groupId" table="keycloak_user_group" targetColumn="userId"/&gt; &lt;!--&lt;tableReference directory="demoGroupSQLDirectory" field="subGroups" schema="group2group" sourceColumn="child_role" table="composite_role" targetColumn="composite"/&gt;&lt;inverseReference directory="demoGroupSQLDirectory" dualReferenceField="subGroups" field="parentGroups"/&gt; --&gt; &lt;/references&gt; &lt;/directory&gt; &lt;/extension&gt; &lt;extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager"&gt; &lt;userManager&gt; &lt;users&gt; &lt;directory&gt;demoUserSQLDirectory&lt;/directory&gt; &lt;/users&gt; &lt;groups&gt; &lt;directory&gt;demoGroupSQLDirectory&lt;/directory&gt; &lt;/groups&gt; &lt;defaultAdministratorId&gt;administrator&lt;/defaultAdministratorId&gt; &lt;defaultGroup&gt;custom_group&lt;/defaultGroup&gt; &lt;/userManager&gt; &lt;/extension&gt; &lt;/component&gt; </CODE></PRE> <UL> <LI>Here I tried to execute search query on user using username, I faced below exception org.postgresql.util.PSQLException: ERROR: column "firstName" does not exist</LI> <LI>And when I went through the code of org.nuxeo.ecm.directory.sql.SQLSQLDirectory, nuxeo looks for schema attributes in database table (e.g select username, email, firstName, lastName from ....). But as here, the column names are different in keycloak from nuxeo schema attributes, the search is failing.</LI> </UL> <P>Can any please suggest how I handle the above scenario where schema of user/group differs in nuxeo and database tables?</P> <P>P.S.</P> <UL> <LI>In ldap directory configuration, the mapping between ldap attribute and nuxeo schema attribute can be added using tag <CODE>&lt;fieldMapping&gt;</CODE></LI> <LI>e.g for username, <CODE>&lt;fieldMapping name="username"&gt;cn&lt;/fieldMapping&gt; </CODE> Such tag is not supported in SQLDirectoryDescriptor</LI> </UL> <PRE><CODE class="language-xml">&lt;users&gt; &lt;directory&gt;demoUserSQLDirectory&lt;/directory&gt; &lt;/users&gt; &lt;groups&gt; &lt;directory&gt;demoGroupSQLDirectory&lt;/directory&gt; &lt;/groups&gt; </CODE></PRE> <UL> <LI>I overrode the user and group schema using contributions and the schema is getting overridden successfully</LI> <LI>But during initialization of nuxeo, the SQLDirectory is picking up the default directory definition and failing as default schema is changed</LI> </UL> Mon, 01 Jul 2019 05:12:13 GMT https://connect.hyland.com/t5/nuxeo-forum/configuring-keycloak-backend-db-which-is-postgresql-with-nuxeo/m-p/315687#M2688 Ravindra_Nalavd 2019-07-01T05:12:13Z