Custom user federation with additional user attributes

I have implemented a custom UserStorageProvider with AbstractUserAdapter for Keycloak for retrieving users from external DB and login users with credentials stored in that DB. All works ok and the data is read only via Keycloak admin panel.

I wanted to add additional attributes to users from data stored in external DB, I would like to add this data to the token via Attribute Mapper, is there a way to do it? Or do II need to implement AbstractUserAdapterFederatedStorage? The problem with the later is that it is not read only and allows to edit the user data transferred to the keycloak user store.

You have to manage all the attributes in your AbstractUserAdapter implementation, like I did here:

See also the other methods regarding attributes in the class.

(And by extending AbstractUserAdapter.Streams you have to implement less methods, as there are some default impls)

1 Like

great thnx works like a charm. I suppose for roles is the same?

Like you can see in the same class, there are also methods for handling groups and roles: getGroupsInternal() and getRoleMappingsInternal()

great thnx for your informatiion