Hi everyone,
following scenario:
- We have two external IDPs (one SAML, one OIDC)
- We get from the IDPs some attributes like mobile-no, token-id
- We need to map the attributes we receive from the IDPs to existing users
- No new users are allowed to be created in Keycloak, only a mapping should take place in Keycloak
The problem: With the regular First Broker Login I cannot map to custom attributes
The idea: A custom login method will be implemented to
- Select a user by its custom attributes
- If mapping cannot be done, show error, prevent login
How can I implement this logic? Where to start?
Thanks!
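One way to implement this as a custom step in the First Broker Login flow, as an added example that is not part of the post or of Keycloak itself: an authenticator built on Keycloak's `AbstractIdpAuthenticator` that looks up exactly one existing user by a custom attribute sent by the IdP and fails the login otherwise. It assumes an "Attribute Importer" mapper on each IdP stores the incoming value under the attribute name `mobileNo` (assumed name), that existing users carry the same attribute, and a Keycloak version with the stream-based user search (13 or newer); the factory class and `META-INF/services` registration needed to deploy it are not shown.

```java
import java.util.List;
import java.util.stream.Collectors;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
// Hypothetical authenticator for the First Broker Login flow (not Keycloak's own code).
public class MatchExistingUserByAttributeAuthenticator extends AbstractIdpAuthenticator {
    // Assumed attribute name: an IdP "Attribute Importer" mapper must store the
    // incoming value under this name, and existing users must carry the same attribute.
    private static final String ATTRIBUTE = "mobileNo";
    @Override
    protected void authenticateImpl(AuthenticationFlowContext context,
                                    SerializedBrokeredIdentityContext serializedCtx,
                                    BrokeredIdentityContext brokerContext) {
        String value = brokerContext.getUserAttribute(ATTRIBUTE);
        if (value == null || value.trim().isEmpty()) {
            // IdP did not send the attribute: fail closed, never fall back to username/email.
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        RealmModel realm = context.getRealm();
        List<UserModel> matches = context.getSession().users()
                .searchForUserByUserAttributeStream(realm, ATTRIBUTE, value)
                .limit(2) // only need to distinguish 0, 1 or "more than one"
                .collect(Collectors.toList());
        if (matches.size() != 1) {
            // No match or an ambiguous match: do not link the IdP identity to a guessed account.
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        // Exactly one match: continue as that user; Keycloak links the federated identity
        // to this account when the first-broker-login flow completes (no user is created).
        context.setUser(matches.get(0));
        context.success();
    }
    @Override
    protected void actionImpl(AuthenticationFlowContext context,
                              SerializedBrokeredIdentityContext serializedCtx,
                              BrokeredIdentityContext brokerContext) {
        // No form is rendered by this step, so there is nothing to process on POST.
    }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
}
```

In the realm's First Broker Login flow, this step replaces "Create User If Unique" and "Review Profile" (set as REQUIRED and bound to both IdPs), so the only outcomes are a link to exactly one existing account or a failed login.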