[Add more information when login with IDP]

Getting advice
,
1

Hi everyone,

I faced an issue when adding more information log in with IDP (identity provider).

When users visit my website and register a new account, we receive a param => we need to store this param for this new user.

  • For the case user login with Keycloak, it’s ok. I custom register.ftl by add a input field (param) and fill this input field with JavaScript
<input type="hidden" id="user.attributes.param" name="user.attributes.param" value="${(register.formData['user.attributes.param']!'')}" />

<script>
    let searchParams = new URLSearchParams(window.location.search);
    let param = searchParams.get('param');
    document.getElementById('user.attributes.param').value = param;
</script>
  • For the case of user login with IDP, I still didn’t find any solution to store this param. The IDP doesn’t support any param to do it (the state param is already used by Keycloak). Therefore, I want to store the param before redirecting to IDP and retrieve it after the user login IDP successfully. But I still don’t find any solution for this idea. Does anyone have any idea about this issue?

Keycloak_IDP
Keycloak_IDP2343×954 122 KB

Regards,

2

It is possible to create a simple, custom Authenticator that stores the param as an Auth Note. You can then use this after the user returns from the IdP. More information on creating extensions is here Server Developer Guide

1 Like
3

Thank you, I will try your solution.

4

Lasted update: Thank @xgp, now I saw the log is fine, I missing some config in the registration flow. Thank you so much.

Dear @xgp,

Could you explain to me in more detail how to store the param as an AuthNote before redirecting to IDP?

Basically, I have a URL to go to the registration page

https://login.website:8080/auth/realms/my-realm/protocol/openid-connect/registrations?client_id=my-client&param=value&

On the registration page, I loop all providers and show the login button for each provider

loop social.providers as provider
    <button href="provider.loginUrl">
        provider.alias
    <button>

The loginUrl of provider is like this: https://login.website:8080/auth/realms/my-realm/broker/idp-id/login?client_id=my-client&

I create an authenticator and add the authenticator into the registration flow (I also add it into the browser/post login/first broker login,… flows) (I add the authenticator in the first step of each flow)

However, I only get the search param after the user login with IDP successfully (tab_id and client_id). I cannot get the param before redirecting to IDP.

Do I need to do more things?

Thank you and regards,
Loc