User data refresh when using an external Identity Provider (OIDC or SAML)

Hi everyone,

I’d like to get some advice on OIDC/SAML brokering.

If I’m using Keycloak with an external Identity Provider (OIDC or SAML) to authenticate the user and retrieve some data related to the user (first name, last name, some other attributes), is there a way to refresh the data without having the user log in again? If the name of the user changes on the external Identity Provider, do we need to wait for a new authentication to get the information into Keycloak?

I hope it’s clear enough and thanks for your help.

Once the user logs in using an external IdP, Keycloak tends to save the user in its local DB and henceforth continues to use the internal user information even if the data has been changed on the IdP side. I think the best way here would be to extend the First Broker Login flow to manually import the data from the IdP at every login, so that one can be sure the latest information is passed down to Keycloak.

Thanks for your answer!

I think that using an Identity Provider mapper, information will be updated at each login with a call to the “updateBrokeredUser” method. But between two logins it would be interesting to be able to update user information. For example, if you are retrieving information about groups, you don’t want to have to ask the user to log out and log in again if a group was added on the Identity Provider side. But I’m not sure if it’s possible.

I have tried different approaches, but didn’t find anything that works. If somebody finds something, I’ll always be interested to get the answer!
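The mapper mechanism the thread describes (attribute import at first broker login, `updateBrokeredUser` on every later login), as an added example that is not from the original thread or from Keycloak itself: a hypothetical OIDC claim-to-attribute mapper that overwrites the local copy at each brokered login and removes it when the IdP stops sending the claim. It assumes the Keycloak identity-provider mapper SPI (`AbstractClaimMapper`, `importNewUser`, `updateBrokeredUser`, `ProviderConfigProperty`) and the constructed names `RefreshOnLoginClaimMapper`, `PROVIDER_ID` and `user.attribute`.

```java
import java.util.List;
import org.keycloak.broker.oidc.OIDCIdentityProviderFactory;
import org.keycloak.broker.oidc.mappers.AbstractClaimMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

// Hypothetical mapper (not shipped by Keycloak): copies one OIDC claim into a user attribute
// at first broker login and re-applies it on every later brokered login. Nothing here runs
// between logins; Keycloak only sees the IdP's data when a new token arrives.
public class RefreshOnLoginClaimMapper extends AbstractClaimMapper {
    public static final String PROVIDER_ID = "example-refresh-on-login-claim-mapper";
    public static final String USER_ATTRIBUTE = "user.attribute";
    @Override public String getId() { return PROVIDER_ID; }
    @Override public String[] getCompatibleProviders() { return new String[] { OIDCIdentityProviderFactory.PROVIDER_ID }; }
    @Override public String getDisplayCategory() { return "Attribute Importer"; }
    @Override public String getDisplayType() { return "Claim to attribute (refresh on every login)"; }
    @Override public String getHelpText() { return "Writes a claim to a user attribute and overwrites it on each later login."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() {
        return List.of(
            new ProviderConfigProperty(CLAIM, "Claim", "Claim in the ID token or userinfo", ProviderConfigProperty.STRING_TYPE, null),
            new ProviderConfigProperty(USER_ATTRIBUTE, "User attribute", "Local attribute to write", ProviderConfigProperty.STRING_TYPE, null));
    }

    // First broker login only: the local user is being created from the IdP's data.
    @Override
    public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user,
                              IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        sync(user, mapperModel, context);
    }

    // Every later login of an already-linked user. The base class leaves this empty,
    // which is why a plain import leaves stale data in the local DB.
    @Override
    public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user,
                                   IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        sync(user, mapperModel, context);
    }

    private void sync(UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        String attribute = mapperModel.getConfig().get(USER_ATTRIBUTE);
        Object value = getClaimValue(mapperModel, context);
        if (value == null) {
            user.removeAttribute(attribute); // claim withdrawn at the IdP: drop the stale local copy
        } else {
            user.setSingleAttribute(attribute, value.toString());
        }
    }
}
```

Registering the class in META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper makes it selectable on the identity provider's Mappers tab; it still cannot refresh anything between logins, because Keycloak receives no IdP data then.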