Custom Identity Brokering


I am looking to customize the Identity Brokering flow by controlling the IDPs returned to the client.

In the diagram above, I want to manipulate the list returned by “#3” based on an arbitrary criteria I would configure upfront.

I do not see any SPI for identity brokering nor anything in the documentation about that.

Do you know how to implement such a customization?

1 Like

Some guidance would be appreciated

Any feedback from the devs?

Any feedback on this?

Some guidance would be greatly appreciated

@romain were you able to retrieve a token for external IDP? I’m trying to make it work its been few weeks and can’t get figure this out. Any chance we could confirm the steps I described here?

I was able to do all of the above steps successfully. However, when I make the API call:
GET /auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1
Host: localhost:8080
Authorization: Bearer <KEYCLOAK ACCESS TOKEN>
Specifically I make the API call to Stackoverflow like so:
I get the following response:
I have the following question about what to do next:

  1. What should I do with the access token?
  2. Do I need to decrypt the access token? If so what encryption is being used to encrypt it, base64 or something else?
  3. How do I see the details of the access token?
  4. Do I need to make another Stackoverflow call or Keycloak API call to using this access token as is, to get the details?

Any help would be much appreciated.

Thank you.

Hey @polfilm, yes I was able to get the token back from the idp, I am using Okta and oidc.

Yet, some guidance on how to manage the list of idps shown to the user would be appreciated.
Different users would use different IdPs and I want to show only the relevant SSO CTA to the relevant user.

Please advise.