The user federation provider is the way to go. Our examples distribution includes an example user federation provider that should help you get started.

On 21 May 2016 at 11:07, Simon Gordon <dev@sgordon.totalise.co.uk> wrote:


Hello

Looking for some guidance please - let's say that we want to authenticate
users against an external authenticator (e.g. RADIUS server, or a custom
REST API) and at the time of login, the user does not necessarily have a
profile/account within keycloak.

My initial scan suggests that we just need to create an Authenticator
Provider - but I'm concerned that since the user account does not
necessarily exist in KC, I can't see how the Authenticator provider will
work. Should I be looking at a userFederation provider instead? Looking at
the server-spi module, I'm not seeing the Interface(s) to implement, so any
pointers gratefuilly received!

Regards,

  Simon

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user