8:45 p.m.
Hi guys,
I need to make Keycloak authenticate against a custom-built OpenID endpoint that’s not
under my control. Keycloak authenticates flawlessly. The “but” here is that the endpoint
doesn’t implement a standard User Info endpoint, so Keycloak isn’t able to grab the user’s
profile. Getting the user’s profile is a 2-step process.
1) Get the UID of the user from the standard User Info endpoint:
https://custom.openid.io/openid/connect/v1/userinfo
2) Use the UID from Step 1 to obtain the real User Info from here:
https://custom.openid.io/realuserinfo/v1/users
To make this happen, I have a feeling that I have to roll out my own identity provider and
probably write a plugin using the Auth SPI. Could you please guide me in the right
direction?
Thanks in advance!
12:41 a.m.
Write a custom identity provider extending OIDCIdentityProvider and
override getFederatedIdentity. See
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
on how to deploy to Keycloak. I would imagine you don't need 1 as the sub
(UID) should be available in the access token.
On 8 March 2016 at 03:45, Eugene Chow <eugene.chow.ct(a)gmail.com> wrote:
Hi guys,
I need to make Keycloak authenticate against a custom-built OpenID
endpoint that’s not under my control. Keycloak authenticates flawlessly.
The “but” here is that the endpoint doesn’t implement a standard User Info
endpoint, so Keycloak isn’t able to grab the user’s profile. Getting the
user’s profile is a 2-step process.
1) Get the UID of the user from the standard User Info endpoint:
https://custom.openid.io/openid/connect/v1/userinfo
2) Use the UID from Step 1 to obtain the real User Info from here:
https://custom.openid.io/realuserinfo/v1/users
To make this happen, I have a feeling that I have to roll out my own
identity provider and probably write a plugin using the Auth SPI. Could you
please guide me in the right direction?
Thanks in advance!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:21 p.m.
It seems like when using the user info endpoint in Step 2, I have to add additional
headers. Looks like I have to write the custom ID provider.
Can I also check if Keycloak supports regular updates of user accounts? Since user account
details can change from time to time, it would be nice to make Keycloak pull user account
updates on a daily basis.
On 8 Mar 2016, at 14:41, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Write a custom identity provider extending OIDCIdentityProvider and override
getFederatedIdentity. See
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
<http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.h... on
how to deploy to Keycloak. I would imagine you don't need 1 as the sub (UID) should be
available in the access token.
On 8 March 2016 at 03:45, Eugene Chow <eugene.chow.ct(a)gmail.com
<mailto:eugene.chow.ct@gmail.com>> wrote:
Hi guys,
I need to make Keycloak authenticate against a custom-built OpenID endpoint that’s not
under my control. Keycloak authenticates flawlessly. The “but” here is that the endpoint
doesn’t implement a standard User Info endpoint, so Keycloak isn’t able to grab the user’s
profile. Getting the user’s profile is a 2-step process.
1) Get the UID of the user from the standard User Info endpoint:
https://custom.openid.io/openid/connect/v1/userinfo
<https://custom.openid.io/openid/connect/v1/userinfo>
2) Use the UID from Step 1 to obtain the real User Info from here:
https://custom.openid.io/realuserinfo/v1/users
<https://custom.openid.io/realuserinfo/v1/users>
To make this happen, I have a feeling that I have to roll out my own identity provider
and probably write a plugin using the Auth SPI. Could you please guide me in the right
direction?
Thanks in advance!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
11:26 p.m.
We don't support regular updates through identity brokers, but it's
possible to write a custom user federation provider that does that.
On 9 March 2016 at 03:21, Eugene Chow <eugene.chow.ct(a)gmail.com> wrote:
It seems like when using the user info endpoint in Step 2, I have to
add
additional headers. Looks like I have to write the custom ID provider.
Can I also check if Keycloak supports regular updates of user accounts?
Since user account details can change from time to time, it would be nice
to make Keycloak pull user account updates on a daily basis.
On 8 Mar 2016, at 14:41, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Write a custom identity provider extending OIDCIdentityProvider and
override getFederatedIdentity. See
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
on how to deploy to Keycloak. I would imagine you don't need 1 as the sub
(UID) should be available in the access token.
On 8 March 2016 at 03:45, Eugene Chow <eugene.chow.ct(a)gmail.com> wrote:
> Hi guys,
>
> I need to make Keycloak authenticate against a custom-built OpenID
> endpoint that’s not under my control. Keycloak authenticates flawlessly.
> The “but” here is that the endpoint doesn’t implement a standard User Info
> endpoint, so Keycloak isn’t able to grab the user’s profile. Getting the
> user’s profile is a 2-step process.
>
> 1) Get the UID of the user from the standard User Info endpoint:
> https://custom.openid.io/openid/connect/v1/userinfo
> 2) Use the UID from Step 1 to obtain the real User Info from here:
> https://custom.openid.io/realuserinfo/v1/users
>
> To make this happen, I have a feeling that I have to roll out my own
> identity provider and probably write a plugin using the Auth SPI. Could you
> please guide me in the right direction?
>
> Thanks in advance!
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
3231
days inactive
3232
days old
3 comments
2 participants
participants (2)
-
Eugene Chow -
Stian Thorgersen