On Tue, 3 Jul 2018 at 13:46, Thomas Darimont <thomas.darimont(a)googlemail.com>
wrote:
Hello Keycloak-Team,
for an integration scenario with a big German internet provider I needed to implement a custom OAuth2 based IdentityProvider.
It worked out quite well but I encountered some things which currently require custom coding that could be provided out of the box.
- Default roles for users that come via Identity Provider
I need to assign some realm- / client-roles to users that come via that IdP.
Users that come via that IdP should be able to access certain client applications by default.
Of course one could programmatically add appropriate roles to newly created broker users, but it would be nicer to be able to configure a set of default roles on IdP level, like roles / scopes for Clients / Service Accounts.
Is that already possible with mappers on the identity provider?
- Allow multiple IdP definitions of the same type with different names (google-test, google-staging)
At the moment it seems that one can only have one IdP per IdP-type (e.g. just one google, one twitter etc.).
However for testing it would be handy to be able to define multiple IdP definitions of the same type with different identifiers.
A workaround for this would be to use different realms for this but if one needs to work with multiple testing / staging environments this becomes complicated quickly.
It's only the social providers that are limited to a single instance. Not
sure I see the need to have more than one Google or Twitter provider for
the same realm.
WDYT?
Cheers,
Thomas