Custom user federation with additional user attributes

simonC · December 22, 2021, 3:27pm

I have implemented a custom UserStorageProvider with AbstractUserAdapter for Keycloak for retrieving users from external DB and login users with credentials stored in that DB. All works ok and the data is read only via Keycloak admin panel.

I wanted to add additional attributes to users from data stored in external DB, I would like to add this data to the token via Attribute Mapper, is there a way to do it? Or do II need to implement AbstractUserAdapterFederatedStorage? The problem with the later is that it is not read only and allows to edit the user data transferred to the keycloak user store.

dasniko · December 22, 2021, 4:53pm

You have to manage all the attributes in your AbstractUserAdapter implementation, like I did here:

github.com

dasniko/keycloak-extensions-demo/blob/adf94a940eeab5b2c24ec93098f4a9c055722b2a/user-provider/src/main/java/dasniko/keycloak/user/UserAdapter.java#L60

    
      
          		return user.getEmail();
          	}
          
          
	@Override
          	public String getFirstAttribute(String name) {
          		List<String> list = getAttributes().getOrDefault(name, List.of());
          		return list.isEmpty() ? null : list.get(0);
          	}
          
          
	@Override
          	public Map<String, List<String>> getAttributes() {
          		MultivaluedHashMap<String, String> attributes = new MultivaluedHashMap<>();
          		attributes.add(UserModel.USERNAME, getUsername());
          		attributes.add(UserModel.EMAIL, getEmail());
          		attributes.add(UserModel.FIRST_NAME, getFirstName());
          		attributes.add(UserModel.LAST_NAME, getLastName());
          		attributes.add("birthday", user.getBirthday());
          		attributes.add("gender", user.getGender());
          		return attributes;
          	}

See also the other methods regarding attributes in the class.

(And by extending AbstractUserAdapter.Streams you have to implement less methods, as there are some default impls)

simonC · December 23, 2021, 7:48am

great thnx works like a charm. I suppose for roles is the same?

dasniko · December 23, 2021, 7:56am

Like you can see in the same class, there are also methods for handling groups and roles: getGroupsInternal() and getRoleMappingsInternal()

simonC · December 23, 2021, 9:16am

great thnx for your informatiion

Topic		Replies	Views
Custom UserStorageProvider in Keycloak 18.0.0 Extending the server	5	883	November 1, 2022
Need help - Federation not creating users nor saving attributes Extending the server user-federation	3	1387	February 7, 2022
Is it possible to add local attributes to a federated user? Getting advice user-federation , ldap	0	1065	November 4, 2020
User storage federation provider - writable edit mode Extending the server user-federation	1	1642	August 6, 2021
Storing and updating user via custom user storage provider Getting advice user-federation	2	46	July 9, 2024

Custom user federation with additional user attributes

Related Topics