search
Home

Keycloak Based

This handler (com.rierino.handler.auth.keycloak.KeycloakEventHandler) provides a Keycloak based implementation of AuthEventHandler.

Keycloak provides capabilities such as social login, user federation and support for OpenID Connect, OAuth 2.0, and SAML. This handler is only available in Rierino Core+ version.

This handler uses the following extra configurations, actions and parameters:

hashtag
Handler Parameters

Parameter
Definition
Example
Default

system

Name of Keycloak system for access details

admin_keycloak

-

file-download
403B
handler-keycloak-0001.json
arrow-up-right-from-squareOpen
Example Keycloak Handler Definition (Can be Imported on Element Screen)

This handler requires the following dependency added to deployment contents:

implementation (group:'com.rierino.custom', name: 'keycloak', version:"${rierinoVersion}")

hashtag
Actions

hashtag
Register

This handler supports using additional credential types provided as "credential_type" in request in addition to "password" option.

hashtag
Login

This handler supports using additional credential types provided as "grant_type" in request in addition to "password" options.

hashtag
UpdatePassword

Allows updating password for a user represented by the "access_token" using "password" field.

Field
Definition
Example
Default

Input Element

Json path for the input in event payload

auth

-

hashtag
ExecuteActionEmail

Triggers an action e-mail through Keycloak system for a specific action type (e.g. VALIDATE_EMAIL, FORGOT_EMAIL) for a given "username".

Field
Definition
Example
Default

Input Element

Json path for the input in event payload

auth

-

With event metadata parameters as:

Parameter
Definition
Example
Default

Action

Action to execute

FORGOT_EMAIL

-

hashtag
ForgotPasswordAction

Resets the password for a user to a given "password", using "action_token" for user verification:

Field
Definition
Example
Default

Input Element

Json path for the input in event payload

auth

-

hashtag
VerifyEmailAction

Verifies a user e-mail (if required in realm) using "action_token" for user verification:

Field
Definition
Example
Default

Input Element

Json path for the input in event payload

auth

-

circle-info

Keycloak stores firstname, lastname, email as user profile data. User attributes are also stored as profile data, except for attributes starting with # character. Attributes starting with # are stored as access data, hence considered as data not managed by the users themselves (e.g. assigned user groups).

PreviousState BasedNextSessionize

Last updated