[keycloak-user] Custom User Info URL for an OpenID Connect endpoint
Stian Thorgersen
sthorger at redhat.com
Wed Mar 9 00:26:57 EST 2016
We don't support regular updates through identity brokers, but it's
possible to write a custom user federation provider that does that.
On 9 March 2016 at 03:21, Eugene Chow <eugene.chow.ct at gmail.com> wrote:
> It seems like when using the user info endpoint in Step 2, I have to add
> additional headers. Looks like I have to write the custom ID provider.
>
> Can I also check if Keycloak supports regular updates of user accounts?
> Since user account details can change from time to time, it would be nice
> to make Keycloak pull user account updates on a daily basis.
>
>
> On 8 Mar 2016, at 14:41, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> Write a custom identity provider extending OIDCIdentityProvider and
> override getFederatedIdentity. See
> http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
> on how to deploy to Keycloak. I would imagine you don't need 1 as the sub
> (UID) should be available in the access token.
>
> On 8 March 2016 at 03:45, Eugene Chow <eugene.chow.ct at gmail.com> wrote:
>
>> Hi guys,
>>
>> I need to make Keycloak authenticate against a custom-built OpenID
>> endpoint that’s not under my control. Keycloak authenticates flawlessly.
>> The “but” here is that the endpoint doesn’t implement a standard User Info
>> endpoint, so Keycloak isn’t able to grab the user’s profile. Getting the
>> user’s profile is a 2-step process.
>>
>> 1) Get the UID of the user from the standard User Info endpoint:
>> https://custom.openid.io/openid/connect/v1/userinfo
>> 2) Use the UID from Step 1 to obtain the real User Info from here:
>> https://custom.openid.io/realuserinfo/v1/users
>>
>> To make this happen, I have a feeling that I have to roll out my own
>> identity provider and probably write a plugin using the Auth SPI. Could you
>> please guide me in the right direction?
>>
>> Thanks in advance!
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160309/e8bbe26c/attachment-0001.html
More information about the keycloak-user
mailing list