Re: [keycloak-user] Custom User Info URL for an OpenID Connect endpoint

On 8 Mar 2016, at 14:41, Stian Thorgersen <sthorger(a)redhat.com&gt; wrote: Write a custom identity provider extending OIDCIdentityProvider and override getFederatedIdentity. See http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html <http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.h... on how to deploy to Keycloak. I would imagine you don't need 1 as the sub (UID) should be available in the access token. On 8 March 2016 at 03:45, Eugene Chow <eugene.chow.ct(a)gmail.com <mailto:eugene.chow.ct@gmail.com>> wrote: Hi guys, I need to make Keycloak authenticate against a custom-built OpenID endpoint that’s not under my control. Keycloak authenticates flawlessly. The “but” here is that the endpoint doesn’t implement a standard User Info endpoint, so Keycloak isn’t able to grab the user’s profile. Getting the user’s profile is a 2-step process. 1) Get the UID of the user from the standard User Info endpoint: https://custom.openid.io/openid/connect/v1/userinfo <https://custom.openid.io/openid/connect/v1/userinfo> 2) Use the UID from Step 1 to obtain the real User Info from here: https://custom.openid.io/realuserinfo/v1/users <https://custom.openid.io/realuserinfo/v1/users> To make this happen, I have a feeling that I have to roll out my own identity provider and probably write a plugin using the Auth SPI. Could you please guide me in the right direction? Thanks in advance! _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>