KEYCLOAK Implementing Custom User Storage Provider

February 9, 2022

Tags: #keycloak #oidc #authentication #video

By default, Keycloak stores user data in its own database. But you can also connect to other data sources if you already have some (legacy) stores or simply don’t want to store your users’ data in Keycloak itself. This is called User Federation - connecting an LDAP/AD server is one example (and it’s already built in), but you can also implement your own custom logic, custom protocol, custom database, etc. to connect to any other system - with a Custom User Storage Provider.

In my video I show an example that connects Keycloak to an external API providing the federated user data. I implement the actual UserProvider interfaces to look up and query the users from the external system, and also to handle credential (password) validation and updates. All of this results in a custom UserModel implementation - the UserAdapter, containing all the logic to map the various attributes from the API result to the Keycloak internal data model.
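The credential (password) validation step mentioned above, as an added example that is not code from the video or the linked repository: a provider that delegates the password check to the external API and fails closed when the API cannot be reached. `ApiCredentialValidator` and `ExternalUserApi` are hypothetical names, and the external API is assumed to expose a password-verification call.

```java
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;

public class ApiCredentialValidator implements UserStorageProvider, CredentialInputValidator {

    /** Hypothetical client for the external user API (an assumption, not a Keycloak type). */
    public interface ExternalUserApi {
        boolean verifyPassword(String externalUserId, String password) throws Exception;
    }

    private final ExternalUserApi api;

    public ApiCredentialValidator(ExternalUserApi api) { this.api = api; }

    @Override
    public boolean supportsCredentialType(String credentialType) {
        // Only passwords are handled here; OTP, WebAuthn etc. stay with Keycloak.
        return PasswordCredentialModel.TYPE.equals(credentialType);
    }

    @Override
    public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
        return supportsCredentialType(credentialType);
    }

    @Override
    public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        if (!supportsCredentialType(input.getType())) return false;
        String password = input.getChallengeResponse();
        if (password == null || password.isEmpty()) return false; // never accept an empty secret
        try {
            // Federated ids have the form "f:<componentId>:<externalId>"; send only the external part.
            String externalId = StorageId.externalId(user.getId());
            return api.verifyPassword(externalId, password);
        } catch (Exception e) {
            // Fail closed: an unreachable or failing API must never authenticate a user.
            return false;
        }
    }

    @Override
    public void close() { }
}
```

The password is passed straight to the external system and is neither stored nor logged by the provider, so the external store remains the only place the credential lives.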

Last but not least, I do automated tests with the help of the Testcontainers-Keycloak project.

This video became a bit longer than usual, because I explain some details more in-depth. Hopefully you’ll enjoy it.

Don’t forget to subscribe to my YouTube channel!

The source code is available on my GitHub repository keycloak-extensions-demo/user-provider.

dasniko/keycloak-extensions-demo - GitHub

Are you looking for Keycloak consulting, support, workshops or training?

Get in touch with me!
