Custom user registration and validation process

Hello KeyCloak community.

I am currently setting up an SSO solution proof of concept using KeyCloak.

This project has user registration requirements that are not native to KeyCloak, and I would greatly appreciate your advice/recommendations to meet those requirements or alternative suggestions.

The custom process is planned as follows:
Users attempting to register through the SSO must be authorized by a custom process before being able to use the SSO, and will have a ‘pending’ status applied.

  • Automatic user account validation: upon a user registration attempt, their details will be automatically compared to an existing prospective user database. If a match is found, the user account status will be set to ‘validated’ and an email will be sent to the user to inform him that he now has access to SSO linked platforms.
  • Manual user account validation: through KeyCloak if possible, or another back-office linked to the user database, administrators will be able to check ‘pending’ user registrations and validate them, also sending off an email to the user.

I am considering developing a custom registration flow to include a prospective user database check and email trigger, but this seems risky without a deep understanding of KeyCloak.
Alternatively, would it be possible to connect an external API to the KeyCloak user database for this procedure?

Are any paid options available to make these kinds of additions/alterations to KeyCloak?

Kind regards,

For customizing the registration flow, check out the RegistrationUserCreation and RegistrationProfile classes in Keycloak, as you’ll probably have to customize and replace those. You’ll probably also want to set users that do not qualify for automatic validation as disabled. Then you can use the Keycloak Admin UI to do your “Manual user account validation” by setting their account to enabled if they meet the manual criteria.

For custom emails that you want to send, you can get the EmailTemplateProvider from the KeycloakSession using

    EmailTemplateProvider emailTemplateProvider =
    session.getProvider(EmailTemplateProvider.class);

and then you can send using something like this (depending on your template and params setup):

    emailTemplateProvider
      .setRealm(realm)
      .setUser(user)
      .setAttribute("realmName", realm.getName())
      .send(
          "thankYouSubject",
          subjAttr,
          "thank-you-email.ftl",
          bodyAttr); 

And, if you need commercial support, feel free to message me!

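One way to implement the "disabled until validated" approach from the reply above, as an added example that is not code from the thread or from the Keycloak project. It subclasses RegistrationUserCreation and fails closed: the account is disabled first and only enabled on a positive match. The package, provider id, attribute name and the ProspectLookup interface are hypothetical.

```java
package com.example.keycloak; // hypothetical package

import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.forms.RegistrationUserCreation;
import org.keycloak.models.UserModel;

/** Registration form action that leaves new accounts disabled unless the prospect check matches. */
public class PendingRegistrationUserCreation extends RegistrationUserCreation {

    public static final String PROVIDER_ID = "pending-registration-user-creation"; // hypothetical id
    static final String STATUS_ATTR = "registrationStatus"; // hypothetical attribute name

    /** Hypothetical lookup against the external prospective-user database. */
    public interface ProspectLookup {
        boolean matches(String email, String firstName, String lastName) throws Exception;
    }

    // Placeholder that never matches; replace with the real database or API client.
    private final ProspectLookup lookup = (email, first, last) -> false;

    @Override
    public String getId() { return PROVIDER_ID; }

    @Override
    public String getDisplayType() { return "Registration User Creation (pending approval)"; }

    @Override
    public void success(FormContext context) {
        super.success(context); // stock step creates the user and sets it on the context
        UserModel user = context.getUser();

        // Default deny: disable first, so any failure below leaves the account unusable.
        // Access is gated by the enabled flag; the attribute is only a label for admins.
        user.setEnabled(false);
        user.setSingleAttribute(STATUS_ATTR, "pending");

        boolean matched;
        try {
            matched = lookup.matches(user.getEmail(), user.getFirstName(), user.getLastName());
        } catch (Exception e) {
            matched = false; // lookup outage or error: stay pending for manual review
        }
        if (matched) {
            user.setSingleAttribute(STATUS_ATTR, "validated");
            user.setEnabled(true);
        }
    }
}
```

To deploy it, list the class in `META-INF/services/org.keycloak.authentication.FormActionFactory` inside the provider JAR and use it in place of the stock user-creation step in a copy of the registration flow.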

Thank you for your reply xgp.

I would like to get in touch with you but I am unable to. Could you please tell me how to do so in a private message?