ol-infrastructure

Keycloak SPI for GitHub org membership filtering

Open shaidar opened this issue 1 year ago • 1 comments

Description/Context

When using GitHub as an Identity Provider in Keycloak, anyone with a GitHub account would be able to log in to Keycloak. That is not the ideal situation for us and we would like to only allow members of the GitHub mitodl organization to log in. It would also be beneficial to filter on team membership in a specific GitHub org.

Acceptance Criteria

  • [ ] GitHub IDP in Keycloak that only allows members of the mitodl organization to log in and/or create an account in Keycloak.
  • [ ] A clear error message to the user trying to log in as to why they can't in case they don't belong to the right org and/or team.

Plan/Design

Based on Keycloak docs, the way to accomplish this is to create a custom Service Provider Interface.

shaidar, Jul 26 '23 20:07
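
An added example, not part of the issue or of the ol-infrastructure code: the allow/deny decision a custom provider would have to make, sketched in Python for illustration, with the denial messages the acceptance criteria ask for. It assumes the provider has already called GitHub's `GET /user/orgs` and `GET /user/teams` with the user's OAuth token; `check_membership` and the sample responses are hypothetical.

```python
import json

REQUIRED_ORG = "mitodl"  # organization named in the issue
UNVERIFIED = "Login denied: could not verify GitHub organization membership."


def check_membership(orgs_body, teams_body, required_org=REQUIRED_ORG, required_team=None):
    """Return (allowed, message); fails closed on anything unexpected.

    orgs_body / teams_body: raw JSON text assumed to come from GitHub's
    GET /user/orgs and GET /user/teams for the user who is logging in.
    """
    try:
        orgs = json.loads(orgs_body)
        teams = json.loads(teams_body) if required_team else []
    except (TypeError, ValueError):
        return False, UNVERIFIED
    # An API error (for example a token without read:org) is an object, not a list.
    if not isinstance(orgs, list) or not isinstance(teams, list):
        return False, UNVERIFIED

    org = required_org.lower()  # GitHub logins are case-insensitive
    logins = {str(o.get("login", "")).lower() for o in orgs if isinstance(o, dict)}
    if org not in logins:
        return False, f"Login denied: your GitHub account is not a member of the '{required_org}' organization."
    if required_team is None:
        return True, "ok"

    # The team must belong to the required org; the same slug elsewhere does not count.
    for team in teams:
        if not isinstance(team, dict):
            continue
        owner = team.get("organization")
        owner_login = str(owner.get("login", "")).lower() if isinstance(owner, dict) else ""
        if str(team.get("slug", "")).lower() == required_team.lower() and owner_login == org:
            return True, "ok"
    return False, f"Login denied: you are not on the '{required_team}' team in '{required_org}'."


# Constructed sample responses (not real accounts or teams).
ORGS_MEMBER = '[{"login": "MITODL", "id": 1}, {"login": "other-org", "id": 2}]'
ORGS_OUTSIDER = '[{"login": "other-org", "id": 2}]'
TEAMS = ('[{"slug": "devops", "organization": {"login": "other-org"}},'
         ' {"slug": "platform", "organization": {"login": "mitodl"}}]')
API_ERROR = '{"message": "Requires authentication"}'

if __name__ == "__main__":
    for body in (ORGS_MEMBER, ORGS_OUTSIDER, API_ERROR):
        print(check_membership(body, TEAMS, required_team="platform"))
```
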