I have a custom UserStorageProvider and in there I’d like to know whether a user came from an Identity Provider or not. I already tried using a hardcoded user attribute mapper in my identity provider but it seems I don’t have access to those.
The notes of the AuthenticationSession do not contain any useful information. I cannot use getAuthenticatedUser, because I’m supposed to be the one providing this UserModel as a UserStorageProvider and it (logically) ends up in a stack overflow.
After a user login from an external IDP, Keycloak stores user session note data that you can access. This data can be propagated to the client requesting log in using the token or SAML assertion passed back to the client using an appropriate client mapper.
identity_provider: The IDP alias of the broker used to perform the login.
identity_provider_identity: The IDP username of the currently authenticated user. Often, but not always, the same as the Keycloak username. For example, Keycloak can link a user john to a Facebook user john123@gmail.com. In that case, the value of the user session note is john123@gmail.com.
You can use a Protocol Mapper of type User Session Note to propagate this information to you
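What the two User Session Note mappers described above could look like for an OpenID Connect client, as an added example that is not part of the original answer. It is written as the `protocolMappers` fragment of a client representation (realm export or admin REST API); the mapper names and the claim names `idp_alias` and `idp_username` are assumptions chosen here.

```json
{
  "protocolMappers": [
    {
      "name": "idp-alias-note",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-usersessionmodel-note-mapper",
      "config": {
        "user.session.note": "identity_provider",
        "claim.name": "idp_alias",
        "jsonType.label": "String",
        "id.token.claim": "true",
        "access.token.claim": "true"
      }
    },
    {
      "name": "idp-username-note",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-usersessionmodel-note-mapper",
      "config": {
        "user.session.note": "identity_provider_identity",
        "claim.name": "idp_username",
        "jsonType.label": "String",
        "id.token.claim": "true",
        "access.token.claim": "true"
      }
    }
  ]
}
```

A client that branches on these claims should read them only from a token whose signature it has verified against the realm's keys.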