[keycloak-user] user spi

[Simon Payne]

I would like to create an spi implementation to allow custom group / role
mapper, but authenticate using standard ldap user federation.

this custom mapping would involve a connection to a separate DB, which has
already been populated by internal tooling and would identify the user
using the same unique reference.

I can find example for altering the user storage, but not groups / role
mappings where standard user federation has been used.

is this possible?


many thanks

Simon.