KEYCLOAK Implementing Custom User Storage Provider
February 9, 2022
By default, Keycloak stores user data in its own database. But you can also connect to other data sources if you already have some (legacy) stores or simply don’t want to store your users’ data in Keycloak itself. This is called User Federation - connecting an LDAP/AD server is one example (and it’s already built in), but you can also implement your own custom logic, custom protocol, custom database, etc. to connect to any other system - with a Custom User Storage Provider.
In my video I show an example to connect Keycloak to an external API providing the federated user data.
I implement the actual UserProvider interfaces to look up and query the users from the external system, and also to handle credential (password) validation and updates.
All this results in a custom UserModel implementation - the UserAdapter, containing all the logic to map the various attributes from the API result to the Keycloak internal data model.
Last but not least, I do automated tests with the help of the Testcontainers-Keycloak project.
This video became a bit longer than usual, because I explain some details more in-depth. Hopefully you’ll enjoy it.
Don’t forget to subscribe to my YouTube channel!
The source code is available in my GitHub repository.