0
votes

The use case is a client (SAML or OIDC) that will authenticate users via an Identity Provider (OIDC, say Google, or SAML). On return of authentication from the Identity Provider, Keycloak will call out to an external JSON API to obtain further attributes on the user (say, a lookup by email for telephone number).

Is the above possible? Any hints on how to approach this will be greatly appreciated.

I was referencing the README.md of groupe-sii/keycloak-json-remote-claim on GitHub as an OIDC example – not sure if I'm in the correct ballpark.

1 Answer

0
votes

If you want to add additional user attributes from an external service, you should:

  1. Create your own auth flow
  2. Create a plugin with an Authenticator and AuthenticatorFactory
  3. Implement all logic in the Authenticator
  4. Add the AuthenticatorFactory to the new flow
  5. Assign the new flow to your main client

After these steps, your Authenticator will invoke the external service and put all needed attributes on the user each time the user logs in through your main client.
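The Authenticator from step 3, as an added example that is not part of the original answer or of Keycloak's own code. It assumes a placeholder endpoint that returns JSON with a `telephone` field for an `email` query parameter; the class name, URL and attribute name are hypothetical, and the class is registered through an AuthenticatorFactory as in step 2.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class RemoteAttributeAuthenticator implements Authenticator {
    // Assumption: placeholder endpoint returning {"telephone": "..."} for ?email=
    private static final String API = "https://attributes.example.internal/users?email=";
    private static final HttpClient HTTP = HttpClient.newBuilder()
            .connectTimeout(Duration.ofSeconds(2)).build();
    private static final ObjectMapper JSON = new ObjectMapper();

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        try {
            // Encode the email so it cannot alter the query string
            String q = URLEncoder.encode(user.getEmail(), StandardCharsets.UTF_8);
            HttpRequest req = HttpRequest.newBuilder(URI.create(API + q))
                    .timeout(Duration.ofSeconds(3)).GET().build();
            HttpResponse<String> res = HTTP.send(req, HttpResponse.BodyHandlers.ofString());
            if (res.statusCode() == 200) {
                JsonNode phone = JSON.readTree(res.body()).get("telephone");
                // Copy only the expected field, and only if it is a short string
                if (phone != null && phone.isTextual() && phone.asText().length() <= 32) {
                    user.setSingleAttribute("telephone", phone.asText());
                }
            }
        } catch (Exception e) {
            // Lookup failure (or missing email) leaves attributes unchanged; login continues
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
        }
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

The timeouts keep a slow attribute service from stalling every login, and copying a single validated field keeps the external API from writing arbitrary attributes onto the user.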