Domain mapping problem

Hi everyone,

We are looking to create our login page in such a way that the user enters only the username or the email on the login screen and, based on the domain of the email, the user gets redirected to the respective IDP. How can this best be done in Keycloak? Any suggestions are highly appreciated.

You’ll have to build a custom Authenticator that implements the logic you want to use to choose IdPs based on username or email. There is a good example here that redirects based on matching an existing user’s email domain:

If you have another requirement, this will be a good place to start. Let us know if you encounter blockers in customizing this.

How can we deploy these authenticator and authenticator factory files, and also what is the pom file? This code is for matching users with email, right? For example, my use case is: if a user enters xgp@facebook.com, he must be redirected to the Facebook IDP. Can you please elaborate on these queries?

This Authenticator is not “ready to deploy”. You will need to build an authenticator based on this example, and then customize the authentication flow to use it.

There is more documentation on how to build, package and deploy custom authenticators here: Server Developer Guide
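The domain-to-IdP selection step discussed in this thread, as an added example that is not part of the original posts or of the linked project: a plain-Java resolver a custom Authenticator could call. The class name, the mapping and the IdP aliases (`facebook`, `corp-saml`) are hypothetical, and the Keycloak wiring and redirect are not shown.

```java
import java.net.IDN;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

/** Added example: maps a login identifier to an IdP alias by exact email-domain match. */
public final class DomainIdpResolver {
    private final Map<String, String> domainToAlias; // keys: lower-case ASCII domains

    public DomainIdpResolver(Map<String, String> domainToAlias) {
        this.domainToAlias = Map.copyOf(domainToAlias);
    }

    /** Returns the IdP alias for the identifier's domain, or empty to fall back to the local login form. */
    public Optional<String> resolve(String identifier) {
        if (identifier == null) return Optional.empty();
        String s = identifier.trim();
        int at = s.lastIndexOf('@');
        // Require exactly one '@' with text on both sides; a bare username has no domain.
        if (at <= 0 || at == s.length() - 1 || s.indexOf('@') != at) return Optional.empty();
        String domain;
        try {
            // Normalise case and convert internationalised names to ASCII (punycode) before lookup.
            domain = IDN.toASCII(s.substring(at + 1), IDN.USE_STD3_ASCII_RULES)
                        .toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed domain: never guess an IdP
        }
        // Exact match only: "notfacebook.com" or "facebook.com.example.net"
        // must not select the IdP mapped to "facebook.com".
        return Optional.ofNullable(domainToAlias.get(domain));
    }

    public static void main(String[] args) {
        // Constructed mapping and sample inputs; the aliases are hypothetical realm IdP aliases.
        DomainIdpResolver r = new DomainIdpResolver(Map.of(
                "facebook.com", "facebook",
                "example.org", "corp-saml"));
        String[] samples = { "xgp@facebook.com", "XGP@Facebook.COM ", "bob@notfacebook.com",
                "bob@facebook.com.example.net", "a@b@facebook.com", "plainuser", "eve@" };
        for (String s : samples) {
            System.out.println("'" + s + "' -> " + r.resolve(s).orElse("(local login)"));
        }
    }
}
```

The returned alias is only a routing decision: the selected identity provider still has to authenticate the user, and an empty result means the flow continues with the normal login form.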