<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><span style="font-family: 'Helvetica'; font-size: 12pt; color: rgb( 0, 0, 0);">It seems like when using the user info endpoint in Step 2, I have to add additional headers. Looks like I have to write the custom ID provider.<div class=""><br class=""></div><div class="">Can I also check if Keycloak supports regular updates of user accounts? Since user account details can change from time to time, it would be nice to make Keycloak pull user account updates on a daily basis.<br class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 8 Mar 2016, at 14:41, Stian Thorgersen <<a href="mailto:sthorger@redhat.com" class="">sthorger@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Write a custom identity provider extending OIDCIdentityProvider and override getFederatedIdentity. See <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html" class="">http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html</a> on how to deploy to Keycloak. I would imagine you don't need 1 as the sub (UID) should be available in the access token.</div><div class="gmail_extra"><br class=""><div class="gmail_quote">On 8 March 2016 at 03:45, Eugene Chow <span dir="ltr" class=""><<a href="mailto:eugene.chow.ct@gmail.com" target="_blank" class="">eugene.chow.ct@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi guys,<br class="">
<br class="">
I need to make Keycloak authenticate against a custom-built OpenID endpoint that’s not under my control. Keycloak authenticates flawlessly. The “but” here is that the endpoint doesn’t implement a standard User Info endpoint, so Keycloak isn’t able to grab the user’s profile. Getting the user’s profile is a 2-step process.<br class="">
<br class="">
1) Get the UID of the user from the standard User Info endpoint: <a href="https://custom.openid.io/openid/connect/v1/userinfo" rel="noreferrer" target="_blank" class="">https://custom.openid.io/openid/connect/v1/userinfo</a><br class="">
2) Use the UID from Step 1 to obtain the real User Info from here: <a href="https://custom.openid.io/realuserinfo/v1/users" rel="noreferrer" target="_blank" class="">https://custom.openid.io/realuserinfo/v1/users</a><br class="">
<br class="">
To make this happen, I have a feeling that I have to roll out my own identity provider and probably write a plugin using the Auth SPI. Could you please guide me in the right direction?<br class="">
<br class="">
Thanks in advance!<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></span></body></html>