[keycloak-dev] Some feature suggestions for Identity Provider support

Thomas Darimont thomas.darimont at googlemail.com
Tue Jul 3 07:22:16 EDT 2018


Hello Keycloak-Team,

for a integration scenario with a big german internet provider I needed to
implement
a custom OAuth2 based IdentityProvider.
It worked out quite well but I encountered some things which currently
require
custom coding that could be provided out of the box.

- Default roles for users that come via Identity Provider
I need to assign some realm- / client-roles to users that come via that IdP.
Users that come via that IdP should be able to access certain client
applications by default.
Of course one could programmatically add appropriate roles to newly created
broker users,
but it would be nicer to be able to configure a set of default roles on IdP
level, like roles / scopes
for Clients / Service Accounts.

- Allow multiple IdP definitions of the same type with different names
(google-test, google-staging)
At the moment it seems that one can only have one IdP per IdP-type (e.g.
just one google, one twitter etc.).
However for testing it would be handy to be able to define multiple IdP
definitions of the same type
with different identifiers.
A workaround for this would be to use different realms for this but if one
needs to work with multiple
testing / staging environments this becomes complicated quickly.

WDYT?

Cheers,
Thomas


More information about the keycloak-dev mailing list