[keycloak-user] SSSD plugin to write to freeIPA

Matthew Beliveau mbelivea at redhat.com
Wed Apr 4 15:40:38 EDT 2018


Hello,

I need to write a plug-in to write to a freeIPA server when logging in through Keycloak. I was looking through the SSSD code on the Keycloak GitHub to try to find a place where I could place a plug-in. However, I am not quite sure where to begin or how to implement it. It would be great if you could point me in the right direction and give me a couple of tips to help me begin this process. The goal of the whole effort is to do automatic provisioning of the users into IPA when Keycloak is used for federation.

My current environment:
Keycloak-A connected to IPA-A, with an Apache app connected to the Keycloak server, and Keycloak-B connected to IPA-B. I have Keycloak-A connected to Keycloak-B, and I want to write a user from IPA-B to IPA-A when I try to log into my app with a user from IPA-B.

Where I have already looked:
https://github.com/keycloak/keycloak/pull/3761/files
https://github.com/keycloak/keycloak/blob/master/federation/sssd/src/main/java/org/keycloak/federation/sssd/ReadonlySSSDUserModelDelegate.java
https://github.com/keycloak/keycloak/blob/master/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java

Any help would be gratefully appreciated.
Thank you,

Matthew Beliveau

