As a general answer, you are on the right path, but the SPI you are using is
not public yet, thus the warning you are seeing in logs.
You should probably review other implementations and base yours on
them. As you mentioned, most of them are based on standards so the code
should be easy to follow.
On Tue, Oct 24, 2017 at 7:15 AM, Dominik Guhr <pinguwien(a)gmail.com> wrote:
Hi everyone,
I've a problem creating a custom Identity Provider which I want to use
for identity brokering (using kc version 3.2.1) and hope you could help:
** My Scenario:
There's a legacy, non-standard, xml-based "SSO" Protocol which I want to
broker to enrich it with roles etc. and provide it as an option in my
realm beneath other options such as a brokered IDP using SAML, social
login, etc.
** What I've tried so far:
Writing a project and provisioning it to WildFly as a module with
the following structure:
//IDP class
public class MyIdentityProvider implements
        IdentityProvider<MyIdentityProviderConfig> {
    //overridden methods (not implemented)
}
//Factory
public class MyIdentityProviderFactory implements
        IdentityProviderFactory<MyIdentityProvider> {
    //overridden methods (just implemented getId -> "MyIDP" and getName
    //"My IDP" so far)
}
//config
public class MyIdentityProviderConfig extends IdentityProviderModel {
    //empty so far.
}
Plus the org.keycloak.broker.provider.IdentityProviderFactory in
META-INF pointing to com.my.MyIdentityProviderFactory
Outcome is, when I'm publishing this to keycloak, I've got a new field
on the identity provider dropdown (which is unclickable, yet, expectedly).
**My Problems/Questions:
1. All IDPs I see implemented are using standards such as oauth2, but I
am missing a more general architectural advice for custom
implementations, such as "you have to override this, that and that
method and you definitely need this, that and thus property / process to
be compatible to keycloak with your custom SSO".
So, question: Which methods and interfaces do I definitely have to
implement to get my custom idp going? Is there something like an
architectural overview? (considering I am on the right track here)
2. I get this warning starting keycloak:
WARN [org.keycloak.services] (ServerService Thread Pool -- 50)
KC-SERVICES0047: My IDP (com.my.MyIdentityProviderFactory) is
implementing the internal SPI identity_provider. This SPI is internal
and may change without notice
So, this leads me to the second question: Am I missing something? Am I
on the wrong track, perhaps? Is there another, better way to implement
this? (I am fairly new)
And last but not least, a very general question:
3. Am I on the right mailing list for this kind of question, or is this
more for the dev-list? Or do you guys have a Slack channel or something
like that where I could join?
Would be great to hear from you!
Best regards,
Dominik