[SOLVED] Custom (First) Broker Login with external IDPs

jrel · December 1, 2021, 9:14am

Hi everyone,

following scenario:

We have two external IDPs (one SAML, one OIDC)
We get from the IDPs some attributes like mobile-no, token-id
We need to map the attributes we receive from the IDPs to existing users
No new users are allowed to be created in Keycloak, only a mapping should take place in Keycloak

The problem: With the regular First Broker Login I can not map to custom attributes

The idea: A custom login method will be implemented to

Select a user by it’s custom attributes
If mapping can not be done, show error, prevent login

How can I implement this logic? Where to start?

Thanks!

jrel · December 1, 2021, 12:52pm

I am trying to solve that with a custom Authenticator. So far, so good.
How can I programatically add a IDP Linking in the “authenticate” method in the custom Authenticator? Or how to do that?

jrel · December 1, 2021, 3:19pm

Finally solved it with some reverse engineering:

Now I have also access to the identity broker, which solves my issues.

Topic		Replies	Views
External IdP + keycloak OTP Getting advice	1	1560	August 10, 2022
First Broker Login Securing applications authentication , identity-brokering , oidc , saml	1	1935	October 7, 2022
Custom Identity Brokering Extending the server	7	1525	October 13, 2020
Prevent creation of user through IDP broker if claim is missing Getting advice authentication , identity-brokering , user-federation , oidc	2	119	February 27, 2024
Brokering identity without store personnal data Getting advice identity-brokering	7	767	June 30, 2021

[SOLVED] Custom (First) Broker Login with external IDPs

Related Topics