[keycloak-user] User federation provider taking care of ID provider links

Matuszak, Eduard eduard.matuszak at atos.net
Fri Jul 8 09:59:54 EDT 2016


Hello

I have implemented a (JPA-based) user federation provider that works pretty well so far. We now want to be able to load the link information to a federated ID provider (like Google) from the external datasource into Keycloak's DB by means of the user federation provider, when the user is initially created in the Keycloak DB via his first login (or via user synchronization). As far as I could see, the user federation SPI works with a UserModel class which does not care about those attributes. Do you see any chance to set such attributes in a user federation implementation?

One issue is that Keycloak's user entries are deleted when the user federation provider fails to connect to the federated resource (I have not found how to deactivate this behaviour so far). The user entry is recreated after the next login succeeds (OK and fine), but the link to the identity provider is lost (not fine). The other issue is that we want to administer user attributes completely in the federated datasource to reduce the complexity of our data management.


Best regards, Eduard Matuszak


Dr. Eduard Matuszak

Worldline, an atos company