
[Feature] Provide IdpAuthenticator that checks email domains

Open sventorben opened this issue 1 year ago • 0 comments

Is there an existing feature request for this?

  • [X] I have searched the existing issues

Is your feature related to a problem? Please describe.

When users register through an identity provider with a managed domain, I would like to ensure that only users with an email domain equal to the configured domain can register via the idp.

Describe the solution you'd like

Implement an AbstractIdpAuthenticator that checks if domains match:

  • Load IdentityProviderConfigModel with identityProviderId from SerializedBrokeredIdentityContext
  • Wrap the ConfigModel in an IdentityProviderModelConfig
  • Read domains from the IdentityProviderModelConfig and match with user email from SerializedBrokeredIdentityContext
  • Use DomainExtractor (how to get the config of the HIdPD Authenticator?)

Describe alternatives you've considered

No response

Anything else?

No response

sventorben, Mar 11 '23 00:03
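A sketch of the authenticator the issue describes, written here as an added example rather than code from the keycloak-home-idp-discovery project: it loads the IdP by the alias held in the SerializedBrokeredIdentityContext, reads the configured domain list from the IdP config, and fails the flow unless the brokered email's domain matches exactly. The config key `home.idp.discovery.domains` and the comma or `##` list separator are assumptions; the extension's own IdentityProviderModelConfig and DomainExtractor would replace the inline parsing.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/** Fails the post-broker login flow when the brokered email's domain is not one the IdP manages. */
public class EmailDomainIdpAuthenticator extends AbstractIdpAuthenticator {
    // Assumed config key on the IdP holding the managed domain list; the real extension's key may differ.
    static final String DOMAINS_KEY = "home.idp.discovery.domains";

    @Override protected void authenticateImpl(AuthenticationFlowContext context,
                                              SerializedBrokeredIdentityContext serializedCtx,
                                              BrokeredIdentityContext brokerContext) {
        // Step 1: load the IdP by the alias stored in the serialized broker context.
        IdentityProviderModel idp = context.getRealm()
                .getIdentityProviderByAlias(serializedCtx.getIdentityProviderId());
        String configured = idp == null ? null : idp.getConfig().get(DOMAINS_KEY);
        // Steps 2-3: compare the brokered email's domain with the configured domains.
        if (emailMatchesConfiguredDomain(serializedCtx.getEmail(), configured)) {
            context.success();
        } else {
            context.failure(AuthenticationFlowError.INVALID_USER); // no user is created or linked
        }
    }

    @Override protected void actionImpl(AuthenticationFlowContext context,
            SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
        authenticateImpl(context, serializedCtx, brokerContext);
    }

    /** Exact, case-insensitive domain match; a missing email or empty config denies. */
    static boolean emailMatchesConfiguredDomain(String email, String configuredDomains) {
        if (email == null || configuredDomains == null) return false;
        int at = email.lastIndexOf('@');
        if (at < 1 || at == email.length() - 1) return false;
        String domain = email.substring(at + 1).trim().toLowerCase(Locale.ROOT);
        Set<String> allowed = Arrays.stream(configuredDomains.split("[,#]+")) // ',' or '##' separated
                .map(d -> d.trim().toLowerCase(Locale.ROOT)).filter(d -> !d.isEmpty())
                .collect(Collectors.toSet());
        return allowed.contains(domain);
    }

    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
}
```

Placed in the IdP's "first login" flow before the user-creation step, this denies the login while no account exists yet; subdomains are deliberately not matched, so `corp.example.com` is rejected unless listed explicitly.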