keycloak-scim/docs/documentation/server_development/topics/user-federation.adoc

16 lines
1.3 KiB
Text
Raw Normal View History

2016-04-18 21:02:18 +00:00
[[_user_federation]]
== User federation SPI
2016-04-18 21:02:18 +00:00
The keycloak examples directory contains an example of a simple User Federation Provider backed by a simple properties file. See `providers/federation-provider`
in the examples distribution. Most of how to create a federation provider is explained directly within the example code, but some information is here too.
2016-04-18 21:02:18 +00:00
Writing a User Federation Provider starts by implementing the `UserFederationProvider` and `UserFederationProviderFactory` interfaces. Please see the Javadoc
and example for complete details on how to do this.
2016-04-18 21:02:18 +00:00
Some important methods of note: getUserByUsername() and getUserByEmail() require that you query your federated storage and if the user exists create and import
2018-02-02 13:54:47 +00:00
the user into Keycloak storage. How much metadata you import is fully up to you. This import is done by invoking methods on the object returned by
`KeycloakSession.userFederatedStorage()` to add and import user information. The proxy() method will be called whenever Keycloak has found an imported UserModel.
2016-04-18 21:02:18 +00:00
This allows the federation provider to proxy the UserModel which is useful if you want to support external storage updates on demand.
For details on how to package and deploy a custom provider refer to the <<providers.adoc#providers,Service Provider Interfaces>> chapter.