[keycloak-user] Exposing federatedIdentity object in other locations

[Michael Anthon]

I have a need to do some template manipulation based on the state of the federatedIdentity object for the user.

For example, if the user had a federated identity then we don't want them to be able to reset their password within Keycloak.  In this case I want to alter the password.ftl to remove the password fields and display instead a message telling them to go to their IdP to update their password.

An extra property against the IdP to store a URL that we could use inside the template to provide a link to the right address to go to for resetting the password would also be awesome but a generic message would suffice in most cases (or we could store extra message strings including those URLs keyed on the IdP alias maybe)

It would also be useful in the main account template.ftl to show or hide the identity tab depending on whether they have any federations or not ( we have already modified federatedIdentity to hide any IdP that is not already linked to that user)


So, would this be possible or desirable, or is there another way to achieve what I want?

Thanks,
Michael