Map users with IDPs and Using custom REST API based SPI for authorizing the Users

Logicalj · December 28, 2020, 12:41pm

Hello There,

I am new to KeyCloak and we are evaluating KeyCloak to be used for Identity Brokering.
We are having couple of scenarios where we trying to use Multiple IDPs to authenticate the User.

And the idea is we will ask the domain name from user (email e.g. abc@xyz.com) and bases on the provided domain we would like to auto redirect to IDP login page.
We are planning to integrated organization wide User Management (REST based) Micro Service to authorize the authenticated users. Can we write a custom implementation of SPI to do the same?

I am open for suggestions

Thanks

srepalle · August 31, 2021, 12:16am

Hello,

Did you get some solution for this? if so, could you please share the details

xgp · August 31, 2021, 1:23pm

There is not a built-in redirector to IdP based on domain. For that, you will need to build a custom authenticator that does the redirection logic. There is a good example of one way to do it here: keycloak-extension-playground/auth-dynamic-idp-redirector-extension at master · thomasdarimont/ke

Regarding your second question, can you elaborate more on what you want to use the external service for? To map values to the token? To be used in authorization decisions?

Topic		Replies	Views
[SOLVED] Custom (First) Broker Login with external IDPs Getting advice	2	700	December 1, 2021
Identity brokering, upstream idp selection without exposing idps Securing applications identity-brokering	5	1497	June 10, 2021
Using an IDP for REST/API users Securing applications authentication , oidc	0	303	October 19, 2022
Custom Identity Brokering Extending the server	7	1532	October 13, 2020
Allow API login through REST API for IdP users Getting advice authentication , oidc	1	1653	August 9, 2021

Map users with IDPs and Using custom REST API based SPI for authorizing the Users

Related Topics