Keycloak Based

This handler (com.rierino.handler.auth.keycloak.KeycloakEventHandler) provides a Keycloak-based implementation of AuthEventHandler.

Keycloak provides capabilities such as social login, user federation and support for OpenID Connect, OAuth 2.0, and SAML. This handler is only available in the Rierino Core+ version.

This handler uses the following extra configurations, actions and parameters:

Handler Parameters

| Parameter | Definition | Example | Default |
| --- | --- | --- | --- |
| system | Name of Keycloak system for access details | admin_keycloak | - |

Example Keycloak Handler Definition (Can be Imported on Element Screen)

This handler requires the following dependency to be added to the deployment contents:

implementation (group:'com.rierino.custom', name: 'keycloak', version:"${rierinoVersion}")

Actions

Register

In addition to the "password" option, this handler supports additional credential types, provided as "credential_type" in the request.

Login

In addition to the "password" option, this handler supports additional credential types, provided as "grant_type" in the request.

UpdatePassword

Updates the password of the user represented by the "access_token", using the "password" field.

| Field | Definition | Example | Default |
| --- | --- | --- | --- |
| inputElement | Json path for the input in event payload | auth | - |

ExecuteActionEmail

Triggers an action e-mail through the Keycloak system for a specific action type (e.g. VALIDATE_EMAIL, FORGOT_EMAIL) for a given "username".

| Field | Definition | Example | Default |
| --- | --- | --- | --- |
| inputElement | Json path for the input in event payload | auth | - |

With event metadata parameters as:

| Parameter | Definition | Example | Default |
| --- | --- | --- | --- |
| action | Action to execute | FORGOT_EMAIL | - |

ForgotPasswordAction

Resets the password for a user to a given "password", using "action_token" for user verification:

| Field | Definition | Example | Default |
| --- | --- | --- | --- |
| inputElement | Json path for the input in event payload | auth | - |

VerifyEmailAction

Verifies a user e-mail (if required in realm) using "action_token" for user verification:

| Field | Definition | Example | Default |
| --- | --- | --- | --- |
| inputElement | Json path for the input in event payload | auth | - |

Keycloak stores firstname, lastname and email as user profile data. User attributes are also stored as profile data, except for attributes whose names start with the # character. Attributes starting with # are stored as access data and are therefore treated as data not managed by the users themselves (e.g. assigned user groups).
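
The profile/access split described above, as an added Java example that is not Rierino or Keycloak code: it partitions attributes by the # prefix and rejects a self-service update that names an access attribute. The class and method names, the multi-valued map shape and the whitespace trimming of attribute names are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class AttributeSplitExample {
    // From the page: attribute names starting with '#' are access data.
    static final String ACCESS_PREFIX = "#";

    /** True when the attribute name denotes access data (not user-managed). */
    static boolean isAccessAttribute(String name) {
        // Trimming is an assumption: " #groups" must not slip past the check.
        return name != null && name.strip().startsWith(ACCESS_PREFIX);
    }

    /** Splits stored attributes into "profile" and "access" maps. */
    static Map<String, Map<String, List<String>>> split(Map<String, List<String>> attrs) {
        Map<String, List<String>> profile = new TreeMap<>();
        Map<String, List<String>> access = new TreeMap<>();
        attrs.forEach((k, v) -> (isAccessAttribute(k) ? access : profile).put(k, v));
        return Map.of("profile", profile, "access", access);
    }

    /** Applies a self-service update; rejects it if it touches access data. */
    static Map<String, List<String>> applySelfServiceUpdate(
            Map<String, List<String>> stored, Map<String, List<String>> requested) {
        for (String key : requested.keySet()) {
            if (key == null || key.isBlank() || isAccessAttribute(key)) {
                throw new IllegalArgumentException("attribute not user-editable: " + key);
            }
        }
        Map<String, List<String>> merged = new TreeMap<>(stored);
        merged.putAll(requested); // stored '#' entries are carried over unchanged
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real realm.
        Map<String, List<String>> stored = Map.of(
                "phone", List.of("555-0100"),
                "#groups", List.of("support"));
        System.out.println(split(stored));
        System.out.println(applySelfServiceUpdate(stored, Map.of("phone", List.of("555-0199"))));
        try {
            applySelfServiceUpdate(stored, Map.of("#groups", List.of("admin")));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```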
