<div dir="ltr">The user federation provider is the way to go. Our examples distribution includes an example user federation provider that should help you get started.</div><div class="gmail_extra"><br><div class="gmail_quote">On 21 May 2016 at 11:07, Simon Gordon <span dir="ltr"><<a href="mailto:dev@sgordon.totalise.co.uk" target="_blank">dev@sgordon.totalise.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Hello<br>
<br>
Looking for some guidance please - let's say that we want to authenticate<br>
users against an external authenticator (e.g. RADIUS server, or a custom<br>
REST API) and at the time of login, the user does not necessarily have a<br>
profile/account within keycloak.<br>
<br>
My initial scan suggests that we just need to create an Authenticator<br>
Provider - but I'm concerned that since the user account does not<br>
necessarily exist in KC, I can't see how the Authenticator provider will<br>
work. Should I be looking at a userFederation provider instead? Looking at<br>
the server-spi module, I'm not seeing the Interface(s) to implement, so any<br>
pointers gratefuilly received!<br>
<br>
Regards,<br>
<br>
Simon<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br></div>