Self hosted keycloak integration shows user ID under email in netbird ui
For some reason, Keycloak user info is not being pulled properly when displayed in the NetBird UI.
Keycloak UI

Netbird UI

I would expect the email address seen in Keycloak to be displayed under Email in NetBird instead of the ID, and likely the username from Keycloak to be displayed under Name in NetBird.
hey @finnje Thank you for reporting this!
This is the expected behavior so far. The Keycloak API integration is not yet there, and the UI uses the ID to display in the Email column. Not ideal, but works. NetBird doesn't store any user data; instead, it relies on the underlying IdP. The API integrations are in the IdP package and there is only one implementation - Auth0.
We didn't set the priority for this issue. We'd appreciate it if someone from the community could implement the IdP Manager interface for Keycloak using this official Keycloak API reference.
@finnje you can change it on the Keycloak side. What is needed in this case is a client-specific mapper which puts the email or username into sub (email is probably better, as sub is displayed in the Email column in the NetBird UI).
Example config from Keycloak (Client -> Your Client (i.e. netbird-client)-> Client Scopes -> netbird-client-dedicated -> Add mapper -> By Configuration -> User Property):

Nice @pnowy thanks for that!
@finnje we've added a better integration for keycloak with the latest versions. Please refer to: https://docs.netbird.io/selfhosted/identity-providers#step-9-add-manage-users-role-to-netbird-backend
@mlsmaycon Can you add the solution from https://github.com/netbirdio/netbird/issues/469#issuecomment-1313561452 to https://docs.netbird.io/selfhosted/identity-providers#keycloak ? I spent many days trying to find a solution for the empty username from Keycloak :(
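A way to confirm the client mapper suggested earlier in the thread took effect is to inspect the `sub` claim of a token issued for the client. The script below is an added example, not code from NetBird or from any commenter; the sample tokens are constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json
import re

UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_sub(token):
    """Return 'uuid', 'email', 'missing' or 'other' for the token's sub claim."""
    sub = jwt_claims(token).get("sub")
    if not isinstance(sub, str) or not sub:
        return "missing"
    if UUID_RE.match(sub):
        return "uuid"    # default: Keycloak user ID, which the UI shows as-is
    if EMAIL_RE.match(sub):
        return "email"   # mapper is overriding sub with the user's email
    return "other"       # e.g. a username was mapped instead


def _make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: sub as a user ID vs. sub overridden by the mapper.
BEFORE = _make_token({"sub": "3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b",
                      "email": "alice@example.com"})
AFTER = _make_token({"sub": "alice@example.com", "email": "alice@example.com"})

if __name__ == "__main__":
    for label, tok in (("before mapper", BEFORE), ("after mapper", AFTER)):
        print(label, "->", classify_sub(tok))
```

Because the payload is decoded without signature verification, use this only to inspect tokens you obtained yourself from your own realm, never to make an authorization decision.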