Hi All.
I am trying to develop a custom authentication module for the Keycloak server.
According to the requirements, I need to validate not only login/password but
one more attribute - siteId, which indicates the country domain of the
application.
I implemented a factory and
*SiteIdAuthenticator* extends *UsernamePasswordForm*.
In my *action* method I check all the needed credentials and, if they are OK, I
create a new user account. (Or, if the user already exists, I just fetch its
account and add it to the AuthenticationFlowContext.)

    validateUserAndPassword(AuthenticationFlowContext context,
                            MultivaluedMap<String, String> inputData) {
        ...
        // Look the user up in Keycloak's local user storage.
        UserModel userById =
            context.getSession().userLocalStorage().getUserById(userId, context.getRealm());
        if (userById == null) {
            // Not found: create a local account and attach it to the flow.
            logger.info("add new user:" + userId);
            UserModel userModel =
                context.getSession().userLocalStorage().addUser(context.getRealm(),
                    userId, userName, true, false);
            context.setUser(userModel);
        } else {
            // Found: attach the existing account to the flow.
            logger.info("user exists:" + userId);
            context.setUser(userById);
        }
        ...
    }

My question is: do I really have to add a new user account to user
storage? Because in Keycloak version 2.5.1 there is a possibility of
non-importing user federation.
So maybe it is somehow possible to implement a custom Authenticator
without creating a new user account in Keycloak's storage?
Thanks in advance,
Pavel