[keycloak-dev] Abstract User Adapter Federated Storage & Abstract Idp Authenticator
Adrien DESBIAUX
adesbiaux at vente-privee.com
Thu Mar 15 08:16:08 EDT 2018
Hi everyone,
I would like to get some advice on how to use the "First broker login" flow combined with the Abstract User Adapter Federated Storage.
That means the user is not by default in the local Keycloak DB.
The users from the user federation are NOT imported into the local DB.
Hence the use of the `AbstractUserAdapterFederatedStorage`.
In the case of a Facebook login, the default flow is the "First broker login" flow.
I did implement a custom Authenticator based on the default "First broker login".
So in the `authenticateImpl` function, I would like a user logging in with Facebook AND not in the User Federation (external DB) to be created the same way as it would be if it were via username/password.
Long story short, I don't want to have `UserModel federatedUser = session.users().addUser(); federatedUser.setEnabled(true);` and `context.setUser(federatedUser);` but just exit with success once the user has been created successfully on the remote storage.
I did try not executing those 2 steps; however, the auth keeps failing with "User with ID not found".
By looking at the source code of the `AbstractIdpAuthenticator.java` I found out https://github.com/keycloak/keycloak/blob/ee2d28d589ee62d0e0c0e35dd7bab4308b62faf6/services/src/main/java/org/keycloak/authentication/authenticators/broker/AbstractIdpAuthenticator.java#L129
So that means that if I do not execute the `addUser` and `setEnabled`, I will never be able to register a user from Facebook and complete the auth by using an external user federation?
In short, I don't want to store any user locally when the user connects from Facebook, but the Keycloak source code looks like it forces it.
Is it correct?
I hope I was clear enough in my explanation....
I can provide more details if it is not so clear.
Many thanks in advance for enlightening me on this.
Regards,
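An added example (not from the original post and not Keycloak project code) of the combination the post asks about: a user storage provider that also implements `UserRegistrationProvider`, paired with a first-broker-login authenticator that still calls `session.users().addUser(realm, username)` and `context.setUser(user)`. The point it demonstrates is that `addUser` on the session is not "store in the local DB" by itself: Keycloak's user storage manager offers the call to every enabled `UserRegistrationProvider` first and only falls back to the local JPA store when none of them returns a user, so the created principal can live in the external store while the flow still gets a `UserModel` to attach. The class names `RemoteStoreProvider` and `RemoteStoreCreateUserAuthenticator`, and the `REMOTE_DB` map standing in for the external database, are hypothetical; the SPI signatures follow Keycloak 3.x/4.x as current when this thread was written (`getUserById(String, RealmModel)` argument order), and the provider and authenticator factories plus `META-INF/services` registrations are omitted.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage;
import org.keycloak.storage.user.UserLookupProvider;
import org.keycloak.storage.user.UserRegistrationProvider;

/** Hypothetical storage provider; REMOTE_DB (username -> email) stands in for the external user database. */
public class RemoteStoreProvider implements UserStorageProvider, UserLookupProvider, UserRegistrationProvider {

    static final Map<String, String> REMOTE_DB = new ConcurrentHashMap<>(); // constructed stand-in, not a real DB

    private final KeycloakSession session;
    private final ComponentModel model;

    public RemoteStoreProvider(KeycloakSession session, ComponentModel model) {
        this.session = session;
        this.model = model;
    }

    /** Reached from session.users().addUser(realm, username) before Keycloak tries its local JPA store. */
    @Override
    public UserModel addUser(RealmModel realm, String username) {
        REMOTE_DB.putIfAbsent(username, ""); // the user row is created remotely; no Keycloak user entity is written
        return adapt(realm, username);
    }

    @Override
    public boolean removeUser(RealmModel realm, UserModel user) {
        return REMOTE_DB.remove(user.getUsername()) != null;
    }

    /** The adapter's id is "f:<componentId>:<username>"; this lookup must round-trip it or later steps fail. */
    @Override
    public UserModel getUserById(String id, RealmModel realm) {
        return getUserByUsername(new StorageId(id).getExternalId(), realm);
    }

    @Override
    public UserModel getUserByUsername(String username, RealmModel realm) {
        return REMOTE_DB.containsKey(username) ? adapt(realm, username) : null;
    }

    @Override
    public UserModel getUserByEmail(String email, RealmModel realm) {
        return REMOTE_DB.entrySet().stream().filter(e -> e.getValue().equalsIgnoreCase(email))
                .findFirst().map(e -> adapt(realm, e.getKey())).orElse(null);
    }

    /** Attributes, required actions and the IdP link are kept in Keycloak's federated-storage tables keyed by the
     *  federated id; the user record itself stays in REMOTE_DB. */
    private UserModel adapt(RealmModel realm, String username) {
        return new AbstractUserAdapterFederatedStorage(session, realm, model) {
            @Override public String getUsername() { return username; }
            @Override public void setUsername(String u) { throw new UnsupportedOperationException("rename unsupported"); }
            @Override public String getEmail() { return REMOTE_DB.get(username); }
            @Override public void setEmail(String email) { REMOTE_DB.put(username, email); }
        };
    }

    @Override public void close() { }
}

/** Hypothetical first-broker-login step: same sequence as the stock create-user authenticator, but the
 *  addUser call is answered by RemoteStoreProvider when that provider is enabled in the realm. */
class RemoteStoreCreateUserAuthenticator extends AbstractIdpAuthenticator {

    @Override
    protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx,
                                    BrokeredIdentityContext brokerContext) {
        KeycloakSession session = context.getSession();
        RealmModel realm = context.getRealm();
        String username = realm.isRegistrationEmailAsUsername() ? brokerContext.getEmail() : brokerContext.getModelUsername();
        if (username == null) {
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        if (session.users().getUserByUsername(username, realm) != null) {
            context.attempted(); // an existing account: leave linking/verification to the next step of the flow
            return;
        }
        UserModel user = session.users().addUser(realm, username); // lands in RemoteStoreProvider.addUser
        user.setEnabled(true);
        user.setEmail(brokerContext.getEmail());
        user.setFirstName(brokerContext.getFirstName());
        user.setLastName(brokerContext.getLastName());
        context.setUser(user); // still required: the flow must know which principal authenticated
        context.success();
    }

    @Override protected void actionImpl(AuthenticationFlowContext c, SerializedBrokeredIdentityContext s, BrokeredIdentityContext b) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Two things to verify when wiring this into a realm: the provider must be enabled (User Federation) before the Facebook login is attempted, otherwise `addUser` falls through to the local store; and `getUserById` must resolve the `f:` id the adapter reports, because subsequent steps of the first-broker-login flow and the session refresh look the user up by that id.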
More information about the keycloak-dev mailing list