[keycloak-dev] Some feature suggestions for Identity Provider support

Stian Thorgersen sthorger at redhat.com
Mon Jul 16 14:28:49 EDT 2018


On Tue, 3 Jul 2018 at 13:46, Thomas Darimont <thomas.darimont at googlemail.com> wrote:

> Hello Keycloak-Team,
>
> for an integration scenario with a big German internet provider I needed to
> implement a custom OAuth2 based IdentityProvider.
> It worked out quite well but I encountered some things which currently
> require custom coding that could be provided out of the box.
>
> - Default roles for users that come via Identity Provider
> I need to assign some realm- / client-roles to users that come via that IdP.
> Users that come via that IdP should be able to access certain client
> applications by default.
> Of course one could programmatically add appropriate roles to newly created
> broker users, but it would be nicer to be able to configure a set of default
> roles on IdP level, like roles / scopes for Clients / Service Accounts.
>

Is that already possible with mappers on the identity provider?


>
> - Allow multiple IdP definitions of the same type with different names
> (google-test, google-staging)
> At the moment it seems that one can only have one IdP per IdP-type (e.g.
> just one google, one twitter etc.).
> However for testing it would be handy to be able to define multiple IdP
> definitions of the same type with different identifiers.
> A workaround for this would be to use different realms for this but if one
> needs to work with multiple testing / staging environments this becomes
> complicated quickly.
>

It's only the social providers that are limited to a single instance. Not
sure I see the need to have more than one Google or Twitter provider for
the same realm.


>
> WDYT?
>
> Cheers,
> Thomas