I think yes, that's what you can do. And I think that you don't need to implement any Authentication Provider, really just a User Federation Provider.

It looks like a custom User Federation Provider needs to be created in order to access a REST Service for user information and an Authentication Provider to authenticate against a REST Service.
Is there more documentation to be found on these subjects other than the inline code comments, User Manual, and GitHub-based docs?
I've looked at the example User Federation Provider that uses a static file and the Authentication Provider examples which enforce secret question / answer flow. I have a better understanding of what needs to be accomplished, but I'm still quite a ways from where I need to be.
Can anyone point me in the direction of an example User Federation Provider and / or an Authentication Provider that uses a REST Service? (Google hasn't found any examples for me.)
Could I possibly be making it more difficult than it is? Do I simply need to substitute HTTP requests for file I/O in the User Federation Provider example?
The Flow (as I understand it, please confirm / correct as needed):
- User lands on Keycloak login page and initiates login
- User does not exist in Keycloak
- REST API is asked to authenticate via Authentication Provider SPI
- User is authenticated
- REST API is asked for user information to create user in Keycloak (part of this process would need to decrypt the existing password and then encrypt it using Keycloak's "default" method.)
- User is created in Keycloak and any further authentication / authorization logic will remain "in house"
Thank you for your time,
jim
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user