[keycloak-user] Entreprise IDP
Adrian Gonzalez
adr_gonzalez at yahoo.fr
Thu Feb 1 13:23:16 EST 2018
Hello,
I'm using Social IDP in Keycloak, that's working awesome !
Now, I need to integrate more entreprise IDP, and show those IDP only to users in these entreprises.
1. an entreprise IDP will need to be associated with a list of email domains.
(entreprise IDP will be automatically used if the user email matches). 2. in the Login UI, only the links for social IDPs will be shown, the entreprise IDPs will be hidden. 3. if the user enters an email corresponding to one of the entreprise IDP: * we hide the password field * if the user clicks on submit, he's redirected to the entreprise idp. 4. as a bonus: if he's redirected to the entreprise IDP, I'd like to have the email/username field already pre-filled.
I don't think a similar feature exist for the moment. If yes, please someone tell me :)
What I did for the moment is : - REST Service providing IDPs info to the front end (RealmResourceProviderFactory extension) - I hacked the login page (custom theme) and added a js script that : - calls the previous REST Service - hides/shows the password label and field - intercepts submit call and redirects to the entreprise idp
What I'm missing is : - is there a way to add custom information in an idp i.e. like isEntreprise boolean (how ?). if not, I'd need to create an additional table and create a custom UI to handle that (a bit awkward :( ) - didn't pass the email to the external idp
Would someone have an idea of how to do this (if I could add this custom info in the idp it would be great !)Is there a better way to achieve that ? Or more generic ?
Thanks for the insights !Adrian
N.B. some links around this subject (just as reference material)http://lists.jboss.org/pipermail/keycloak-dev/2014-November/003073.html (see 4 - Selecting provider)http://lists.jboss.org/pipermail/keycloak-user/2017-January/008965.htmlhttps://issues.jboss.org/browse/KEYCLOAK-1515
More information about the keycloak-user
mailing list