keycloak-home-idp-discovery
[Feature] Provide IdpAuthenticator that checks email domains
Is there an existing feature request for this?
- [X] I have searched the existing issues
Is your feature related to a problem? Please describe.
When users register through an identity provider with a managed domain, I would like to ensure that only users with an email domain equal to the configured domain can register via the idp.
Describe the solution you'd like
Implement an AbstractIdpAuthenticator that checks if domains match:
- Load IdentityProviderConfigModel with identityProviderId from SerializedBrokeredIdentityContext
- Wrap the ConfigModel in an IdentityProviderModelConfig
- Read domains from the IdentityProviderModelConfig and match with user email from SerializedBrokeredIdentityContext
- Use DomainExtractor (how to get the config of the HIdPD Authenticator?)
Describe alternatives you've considered
No response
Anything else?
No response
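The domain comparison this request describes, sketched as an added example (not code from Keycloak or from keycloak-home-idp-discovery). The class `EmailDomainCheck` and its methods are hypothetical, it does not use the project's DomainExtractor, and loading the configured domains from the identity provider config is left to the authenticator.

```java
import java.net.IDN;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

// Hypothetical helper: exact-match check of an email domain against configured IdP domains.
public final class EmailDomainCheck {

    // Normalize a domain: trim, drop one trailing dot, convert IDN to ASCII, lowercase.
    static Optional<String> normalize(String domain) {
        if (domain == null) return Optional.empty();
        String d = domain.trim();
        if (d.endsWith(".")) d = d.substring(0, d.length() - 1);
        if (d.isEmpty()) return Optional.empty();
        try {
            return Optional.of(IDN.toASCII(d, IDN.USE_STD3_ASCII_RULES).toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not a valid host name: fail closed
        }
    }

    // Domain part of an address with exactly one '@' and a non-empty local part.
    // Addresses with several '@' (quoted local parts) are rejected rather than guessed at.
    static Optional<String> domainOf(String email) {
        if (email == null) return Optional.empty();
        int at = email.lastIndexOf('@');
        if (at <= 0 || at != email.indexOf('@')) return Optional.empty();
        return normalize(email.substring(at + 1));
    }

    // Equality only: no endsWith/contains, so look-alike and sub-domains do not pass.
    static boolean isAllowed(String email, Set<String> configuredDomains) {
        Set<String> allowed = configuredDomains.stream()
                .map(EmailDomainCheck::normalize)
                .flatMap(Optional::stream)
                .collect(Collectors.toSet());
        return domainOf(email).map(allowed::contains).orElse(false);
    }

    public static void main(String[] args) {
        Set<String> domains = Set.of("example.com"); // constructed sample configuration
        String[] emails = { // constructed sample addresses
            "alice@example.com", "bob@EXAMPLE.COM", "eve@evil-example.com",
            "eve@example.com.evil.test", "carol@sub.example.com", "no-at-sign", null };
        for (String e : emails) System.out.println(e + " -> " + isAllowed(e, domains));
    }
}
```

Whether sub-domains of a configured domain should also be accepted is a policy choice the request does not state; this sketch follows the "equal to the configured domain" wording and rejects them.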