[Add more information when login with IDP]

Hi everyone,

I faced an issue when adding more information log in with IDP (identity provider).

When users visit my website and register a new account, we receive a param => we need to store this param for this new user.

  • For the case user login with Keycloak, it’s ok. I custom register.ftl by add a input field (param) and fill this input field with JavaScript
<input type="hidden" id="user.attributes.param" name="user.attributes.param" value="${(register.formData['user.attributes.param']!'')}" />
    let searchParams = new URLSearchParams(window.location.search);
    let param = searchParams.get('param');
    document.getElementById('user.attributes.param').value = param;
  • For the case of user login with IDP, I still didn’t find any solution to store this param. The IDP doesn’t support any param to do it (the state param is already used by Keycloak). Therefore, I want to store the param before redirecting to IDP and retrieve it after the user login IDP successfully. But I still don’t find any solution for this idea. Does anyone have any idea about this issue?


It is possible to create a simple, custom Authenticator that stores the param as an Auth Note. You can then use this after the user returns from the IdP. More information on creating extensions is here Server Developer Guide

1 Like

Thank you, I will try your solution.

Lasted update: Thank @xgp, now I saw the log is fine, I missing some config in the registration flow. Thank you so much.

Dear @xgp,

Could you explain to me in more detail how to store the param as an AuthNote before redirecting to IDP?

Basically, I have a URL to go to the registration page


On the registration page, I loop all providers and show the login button for each provider

loop social.providers as provider
    <button href="provider.loginUrl">

The loginUrl of provider is like this: https://login.website:8080/auth/realms/my-realm/broker/idp-id/login?client_id=my-client&

I create an authenticator and add the authenticator into the registration flow (I also add it into the browser/post login/first broker login,… flows) (I add the authenticator in the first step of each flow)

However, I only get the search param after the user login with IDP successfully (tab_id and client_id). I cannot get the param before redirecting to IDP.

Do I need to do more things?

Thank you and regards,