[keycloak-user] Implementing a non-standard, custom IDP used for identity brokering

Pedro Igor Silva psilva at redhat.com
Tue Oct 24 09:23:13 EDT 2017


As a general answer, you are on the right path, but the SPI you are using is
not public yet, thus the warning you are seeing in logs.

You should probably review other implementations and base yours on
them. As you mentioned, most of them are based on standards so the code
should be easy to follow.

On Tue, Oct 24, 2017 at 7:15 AM, Dominik Guhr <pinguwien at gmail.com> wrote:

> Hi everyone,
>
> I have a problem creating a custom Identity Provider, which I want to use
> for identity brokering (using kc version 3.2.1), and hope you could help:
>
> ** My Scenario:
>
> There's a legacy, non-standard, XML-based "SSO" protocol which I want to
> broker to enrich it with roles etc. and provide it as an option in my
> realm beneath other options such as a brokered IDP using SAML, social
> login, etc.
>
> ** What I've tried so far:
>
> Writing a project and provisioning it to WildFly as a module with
> the following structure:
>
> // IDP class
> public class MyIdentityProvider implements IdentityProvider<MyIdentityProviderConfig> {
>      // overridden methods (not implemented)
> }
>
> // Factory
> public class MyIdentityProviderFactory implements IdentityProviderFactory<MyIdentityProvider> {
>      // overridden methods (just implemented getId -> "MyIDP" and getName -> "My IDP" so far)
> }
>
> // config
> public class MyIdentityProviderConfig extends IdentityProviderModel {
>      // empty so far.
> }
>
> Plus the org.keycloak.broker.provider.IdentityProviderFactory in
> META-INF pointing to com.my.MyIdentityProviderFactory
>
> Outcome is, when I'm publishing this to keycloak, I've got a new field
> on the identity provider dropdown (which is unclickable, yet, expectedly).
>
> **My Problems/Questions:
>
> 1. All IDPs I see implemented are using standards such as OAuth2, but I
> am missing more general architectural advice for custom
> implementations, such as "you have to override this, that and that
> method and you definitely need this, that and thus property / process to
> be compatible to keycloak with your custom SSO".
>
> So, question: Which methods and interfaces do I definitely have to
> implement to get my custom idp going? Is there something like an
> architectural overview? (considering I am on the right track here)
>
>
> 2. I get this warning starting keycloak:
>
> WARN  [org.keycloak.services] (ServerService Thread Pool -- 50)
> KC-SERVICES0047: My IDP (com.my.MyIdentityProviderFactory) is
> implementing the internal SPI identity_provider. This SPI is internal
> and may change without notice
>
> So, this leads me to the second question: Am I missing something? Am I
> on the wrong track, perhaps? Is there another, better way to implement
> this? (I am fairly new)
>
> And last but not least, a very general question:
> 3. Am I on the right mailing list for this kind of question, or is this
> more for the dev-list? Or do you guys have a Slack channel or something
> like that where I could join?
>
> Would be great to hear from you!
>
> Best regards,
> Dominik

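The KC-SERVICES0047 warning quoted above names every deployed provider that implements an internal SPI, so the server log can serve as an inventory of custom code to re-review before an upgrade. A sketch of that check, added here as an example and not part of the original thread or of Keycloak; the timestamps, the second provider, its SPI name and the reviewed set are constructed.

```python
import re
from collections import defaultdict

# Message shape taken from the warning quoted in the thread above.
WARNING = re.compile(
    r"KC-SERVICES0047:\s+(?P<name>.+?)\s+\((?P<factory>[\w.$]+)\)\s+"
    r"is implementing the internal SPI\s+(?P<spi>[\w-]+)\."
)

# Constructed sample log: only the "My IDP" message text comes from the thread.
SAMPLE_LOG = """\
2017-10-24 09:00:01,100 INFO  [org.keycloak.services] (ServerService Thread Pool -- 50) constructed unrelated line
2017-10-24 09:00:01,200 WARN  [org.keycloak.services] (ServerService Thread Pool -- 50) KC-SERVICES0047: My IDP (com.my.MyIdentityProviderFactory) is implementing the internal SPI identity_provider. This SPI is internal and may change without notice
2017-10-24 09:00:01,300 WARN  [org.keycloak.services] (ServerService Thread Pool -- 50) KC-SERVICES0047: Example Ext (com.example.ExampleExtFactory) is implementing the internal SPI example_spi. This SPI is internal and may change without notice
2017-10-24 11:30:00,000 WARN  [org.keycloak.services] (ServerService Thread Pool -- 50) KC-SERVICES0047: My IDP (com.my.MyIdentityProviderFactory) is implementing the internal SPI identity_provider. This SPI is internal and may change without notice
"""


def internal_spi_providers(log_text):
    """Return {spi: {factory_class: display_name}} for each KC-SERVICES0047 warning.

    Repeated warnings (for example after a restart) collapse into one entry.
    """
    found = defaultdict(dict)
    for line in log_text.splitlines():
        m = WARNING.search(line)
        if m:
            found[m["spi"]][m["factory"]] = m["name"]
    return {spi: dict(factories) for spi, factories in found.items()}


def unreviewed(found, reviewed):
    """Factory classes seen in the log that are not in the reviewed set."""
    return sorted(
        factory
        for factories in found.values()
        for factory in factories
        if factory not in reviewed
    )


if __name__ == "__main__":
    providers = internal_spi_providers(SAMPLE_LOG)
    for spi, factories in sorted(providers.items()):
        for factory, name in sorted(factories.items()):
            print(f"{spi}: {name} ({factory})")
    # Hypothetical set of factories that have already been reviewed.
    print("needs review:", unreviewed(providers, {"com.my.MyIdentityProviderFactory"}))
```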