[keycloak-user] Is it possible to get user info from external OIDC provider and then match it against LDAP provider and get rights from there when using Keycloak?

Mart Abel mart.abel at finestmedia.ee
Wed Feb 27 06:17:12 EST 2019

Does anybody know if this is possible?
I have setup external OIDC provider and I have setup external LDAP provider. I want the flow to be like this:

1. User logs in using the OIDC provider

2. Get a token from OIDC provider and check the "sub" field against LDAP provider

3. If it exists there, then login user and add the rights from LDAP

4. If no LDAP user exists with that sub then login fails.

This OIDC contains no rights or anything, just a plain info about person.

Is it possible to do with Keycloak?
Or is it easier to do something custom myself?

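The matching step the question describes (take the `sub` from the external OIDC token, look it up in LDAP, and deny the login unless exactly one directory entry matches), as an added illustration that is not Keycloak code and not part of the original post. It assumes an LDAP attribute named `oidcSub` holds the subject, that the token's signature has already been verified, and it stands in for the directory with a constructed in-memory list; the `sub` value is escaped per RFC 4515 before it is placed in the search filter, because it is input from a third party.

```python
import re
from typing import Callable, Mapping, Optional

# RFC 4515 escapes for values embedded in an LDAP search filter. The "sub"
# claim comes from an external identity provider and must never be
# concatenated into a filter unescaped.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_sub_filter(sub: str, attr: str = "oidcSub") -> str:
    # "oidcSub" is an assumed attribute name; use whatever your schema stores the subject in.
    return f"({attr}={escape_filter_value(sub)})"


LdapSearch = Callable[[str], list]  # filter string -> list of entry dicts


def resolve_rights(claims: Mapping[str, str], expected_issuer: str, ldap_search: LdapSearch) -> Optional[dict]:
    """Return {'dn': ..., 'roles': [...]} for the matched LDAP user, or None to deny the login."""
    if claims.get("iss") != expected_issuer:  # only trust subjects from the configured provider
        return None
    sub = claims.get("sub")
    if not sub:
        return None
    entries = ldap_search(build_sub_filter(sub))
    if len(entries) != 1:  # no match, or an ambiguous match: fail closed
        return None
    entry = entries[0]
    return {"dn": entry["dn"], "roles": list(entry.get("memberOf", []))}


# Constructed stand-in for the LDAP directory (not a real server).
SAMPLE_DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=org", "oidcSub": "1a2b3c",
     "memberOf": ["cn=editors,ou=groups,dc=example,dc=org"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=org", "oidcSub": "9z8y7x", "memberOf": []},
]


def sample_ldap_search(ldap_filter: str) -> list:
    # Handles only "(attr=value)" filters; undoes RFC 4515 escapes and compares literally.
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        return []
    attr, raw = m.groups()
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda x: chr(int(x.group(1), 16)), raw)
    return [e for e in SAMPLE_DIRECTORY if e.get(attr) == value]
```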
