Hi everyone,
I’m using an external identity provider (Active Directory) for some of my users. I have a dedicated client and authentication flow set up for this use case.
To achieve this, I duplicated the default browser flow, modified the “Identity Provider Redirector” step to use my configured IDP, and everything works fine in terms of authentication.
However, I need to perform an upsert operation on the client once authentication is successful. Since some of the user attributes are complex to handle, I implemented an SPI by creating a custom Authenticator to manage this part.
The issue arises when I add my custom SPI step to the authentication flow associated with my Active Directory identity provider. My SPI doesn’t seem to execute, as I don’t see any logs from it.
Interestingly, if I modify a different authentication flow (one that doesn’t include the “Identity Provider Redirector” step), the logs from my SPI appear correctly.
I see that the BrokeredIdentityContext is null in my custom Authenticator, which seems to make sense since there hasn’t been any authentication with the IDP:
SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, "BROKERED_CONTEXT");
It seems like there’s something I haven’t fully understood about how the brokered context works with an IDP. Could anyone explain why this happens or point me in the right direction for achieving the upsert operation after IDP authentication (using a SPI)?
Thank you in advance for your help!
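For reference, here is an added example of a custom Authenticator that reads the brokered context the way the post above tries to; it is not the poster's code and not Keycloak's own. It reads the note under the same "BROKERED_CONTEXT" key (the `AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE` constant), which Keycloak only writes after the identity provider has answered, so an execution placed in the browser flow ahead of the Identity Provider Redirector will always see null; the example fails closed in that case instead of silently passing. The package name, the provider id `broker-upsert`, the `department` context key and the interpretation of "upsert" as creating or updating the local Keycloak user are assumptions; the `getUserByUsername(realm, username)` argument order assumes a recent Keycloak release.

```java
package com.example.keycloak.broker; // hypothetical package

import java.util.Collections;
import java.util.List;

import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.sessions.AuthenticationSessionModel;

/** Added example: meant for an identity provider's First Login or Post Login flow. */
public class BrokerUpsertAuthenticator implements Authenticator {

    private static final Logger LOG = Logger.getLogger(BrokerUpsertAuthenticator.class);

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        // Same note key the built-in broker authenticators use ("BROKERED_CONTEXT").
        SerializedBrokeredIdentityContext serializedCtx =
                SerializedBrokeredIdentityContext.readFromAuthenticationSession(
                        authSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);

        if (serializedCtx == null) {
            // No IdP round-trip has happened in this authentication session, which is what
            // an execution in the browser flow sees before the redirector runs. Fail closed
            // and say why, rather than let a misplaced execution pass silently.
            LOG.warn("No brokered context in authentication session; place this execution in "
                    + "the identity provider's First Login or Post Login flow");
            context.failure(AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
            return;
        }

        BrokeredIdentityContext brokerCtx = serializedCtx.deserialize(context.getSession(), authSession);
        UserModel user = upsertUser(context, brokerCtx);
        context.setUser(user);
        context.success();
    }

    /** Find the local user for this broker identity or create it, then copy attributes. */
    private UserModel upsertUser(AuthenticationFlowContext context, BrokeredIdentityContext brokerCtx) {
        KeycloakSession session = context.getSession();
        RealmModel realm = context.getRealm();
        String alias = brokerCtx.getIdpConfig().getAlias();

        // Post Login flow: user already linked and set on the context. First Login flow: maybe not.
        UserModel user = context.getUser();
        if (user == null) {
            user = session.users().getUserByUsername(realm, brokerCtx.getUsername());
        }
        if (user == null) {
            user = session.users().addUser(realm, brokerCtx.getUsername());
            user.setEnabled(true);
            LOG.infof("Created user %s from identity provider %s", brokerCtx.getUsername(), alias);
        }

        // Null-safe so a partial IdP response does not wipe values already on the user.
        if (brokerCtx.getEmail() != null) user.setEmail(brokerCtx.getEmail());
        if (brokerCtx.getFirstName() != null) user.setFirstName(brokerCtx.getFirstName());
        if (brokerCtx.getLastName() != null) user.setLastName(brokerCtx.getLastName());

        // Provider-specific data lives in the context map; "department" is an assumed key.
        Object dept = brokerCtx.getContextData().get("department");
        if (dept != null) user.setSingleAttribute("department", dept.toString());
        user.setSingleAttribute("brokerAlias", alias);
        return user;
    }

    @Override public void action(AuthenticationFlowContext context) { /* no user interaction */ }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }

    /** Factory registered via META-INF/services/org.keycloak.authentication.AuthenticatorFactory. */
    public static class Factory implements AuthenticatorFactory {
        public static final String ID = "broker-upsert"; // hypothetical provider id
        private static final AuthenticationExecutionModel.Requirement[] REQUIREMENTS = {
                AuthenticationExecutionModel.Requirement.REQUIRED,
                AuthenticationExecutionModel.Requirement.DISABLED };

        @Override public String getId() { return ID; }
        @Override public String getDisplayType() { return "Broker user upsert"; }
        @Override public String getReferenceCategory() { return null; }
        @Override public boolean isConfigurable() { return false; }
        @Override public AuthenticationExecutionModel.Requirement[] getRequirementChoices() { return REQUIREMENTS; }
        @Override public boolean isUserSetupAllowed() { return false; }
        @Override public String getHelpText() { return "Creates or updates the local user from the brokered identity context"; }
        @Override public List<ProviderConfigProperty> getConfigProperties() { return Collections.emptyList(); }
        @Override public Authenticator create(KeycloakSession session) { return new BrokerUpsertAuthenticator(); }
        @Override public void init(Config.Scope config) { }
        @Override public void postInit(KeycloakSessionFactory factory) { }
        @Override public void close() { }
    }
}
```

The services file entry is the nested class name, `com.example.keycloak.broker.BrokerUpsertAuthenticator$Factory`. Add the execution to the identity provider's First Login flow after "Create User If Unique" (so `context.getUser()` is usually already set) or to its Post Login flow; in either place the note is present, which it is not in the browser flow that contains the redirector.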