Thank you, Marek.
To check that I understand this approach correctly, is the following a correct summary of how a federation provider works?
- An existing user tries to log in via Keycloak.
- Keycloak checks if the user exists in the Keycloak IDM. If the user is not there, then use the federation provider.
- The provider will get the user by email address or username, and return the User object.
- This user object can then be mapped and saved into Keycloak.
- Next time the user tries to log in, the user is retrieved from the Keycloak IDM.
Question - where is the federated provider deployed? Is it in our app, or installed into Keycloak? Or something else?
Thanks