Hi Team,
We are implementing Keycloak as an SSO Server, linked to our existing back-end that is
currently responsible for maintaining user registration details. We have developed a
UserFederationProvider and are able to log in correctly and add our existing authentication
token to the JSON Web Token.
The next step was to use the back-end server for user registrations and this is where we
are having problems.
We have added the desired fields to registration.ftl for our chosen theme and have
verified that these fields are being added as attributes. We have the problem that the
federation provider’s register(RealmModel realm, UserModel user) method is called before
any fields (other than username) are populated from the registration form (see
LoginActionsService.java - line 625) and we cannot register the user without these fields
being populated.
For our demo to the team, we have found a work-around, whereby we have created an
EventListenerProvider that handles the REGISTER event, and performs the user registration
at that point. This works since we have all of the information we need by then.
Clearly, Keycloak is expecting to be the primary holder for information collected during
the registration process but there are several issues with the way it currently works:
1. There is no way to add validation for any extra fields that are added to the
registration page, or to change the validation rules for existing fields on that page. It
would be useful to have a Validation SPI for modules to be able to provide their own
validation.
2. As mentioned, the federation provider’s register method is called before the additional
fields are added to the UserModel.
3. There is no way for the federation provider’s register method to report an error during
registration, e.g. a comms error or missing data. Any exception thrown during this call
results in a blank page showing “Internal Server Error”.
I am hoping for some guidance here, on whether we have chosen the correct approach to user
registration or whether we should be doing it differently.
Thanks in advance,
Greg Jones