[keycloak-user] Custom Authenticator development

Pavel Bezdienezhnykh pablomoneylesh at gmail.com
Fri Mar 3 11:09:34 EST 2017


Hi All.

I am trying to develop a custom authentication module for the Keycloak server.
According to the requirements, I need to validate not only login/password but
one more attribute - siteId, which indicates the country domain of the
application.

I implemented a factory and

*SiteIdAuthenticator extends UsernamePasswordForm*

In my *action* method I check all the needed credentials and, if it's OK, I
create a new user account. (Or, if the user already exists, I just fetch its
account and add it to the AuthenticationFlowContext.)


validateUserAndPassword(AuthenticationFlowContext context,
        MultivaluedMap<String, String> inputData) {

    ...

    // Look up the user in Keycloak's local user storage.
    UserModel userById = context.getSession().userLocalStorage()
            .getUserById(userId, context.getRealm());
    if (userById == null) {
        // Not found: create a local account and attach it to the flow.
        logger.info("add new user:" + userId);
        UserModel userModel = context.getSession().userLocalStorage()
                .addUser(context.getRealm(), userId, userName, true, false);
        context.setUser(userModel);
    } else {
        // Found: attach the existing account to the flow.
        logger.info("user exists:" + userId);
        context.setUser(userById);
    }

    ...

}


My question is - do I really have to add a new user account to the user
storage? Because in Keycloak version 2.5.1 there is a possibility of
non-importing user federation.

So maybe it is somehow possible to implement a custom Authenticator
without creating a new user account in Keycloak's storage?

Thanks in advance,
Pavel

