Organization member onboarding using the organization identity provider by pedroigor · Pull Request #28761 · keycloak/keycloak · GitHub

Organization member onboarding using the organization identity provider #28761


Merged: 1 commit merged into keycloak:main from the issue-28273 branch on Apr 17, 2024

Conversation

@pedroigor (Contributor) commented Apr 15, 2024

Closes #28273

  • Allows onboarding organization members by leveraging the identity provider set for an organization
  • Changes the LoginFormsProvider to allow customizing the attributes available to templates using a general purpose "mapper" rather than a specific method to enable/disable a capability in login pages
  • Both browser and brokering flows will change to include additional steps to handle the organization flow when logging in and federating users. For now, only new realms will have these flows updated.
  • By using an authenticator we can in the future have specific settings at the organization level to configure how the steps should run. I can also think about having an organization-specific authentication flow, but that is something we can evaluate in the future.
  • As we are only enabling a single identity provider per organization, the redirect to the IdP is automatic. Once we support multiple IdPs for an organization we can think about introducing additional steps to allow users to select which IdP they want to use. Perhaps something similar to https://github.com/sventorben/keycloak-home-idp-discovery.
  • To make it easier to obtain the identity provider associated with an org, a new OrganizationModel.getIdentityProvider method was added, as it removes boilerplate code to resolve the identity provider for a given organization
  • A new method OrganizationProvider.isEnabled was added to make it easier to check whether a realm supports organizations and if it is enabled for a realm. By doing that, and relying on realm attributes, we can easily check whether a realm should consider processing authorization requests based on its organizations.
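The two authenticator steps the description above introduces (the browser-flow step that sends a user to the organization's identity provider, and the brokering step that registers the federated user as an organization member) can be modelled as plain decision logic. The following is an added example written for this page; it is not Keycloak code and does not use the Keycloak SPI. It assumes two things the PR text does not state: that an organization is matched to a login attempt by the e-mail domain of the typed username (the home-IdP-discovery approach the author links to), and that the realm-level switch read by OrganizationProvider.isEnabled is a realm attribute, here named "organizationsEnabled" (the attribute name is assumed). It also goes one step beyond the PR by returning a "select" outcome when an organization has more than one enabled IdP, the future case the author mentions; the PR itself only handles a single IdP per organization.

```python
"""Model of the organization-aware login steps described in PR #28761.

Added example, not Keycloak code. Assumptions (not stated on the PR page):
  * organizations are matched to a login attempt by e-mail domain;
  * the realm switch is a realm attribute named "organizationsEnabled".
"""
from dataclasses import dataclass, field


@dataclass
class IdentityProvider:
    alias: str
    enabled: bool = True


@dataclass
class Organization:
    name: str
    domains: set[str]                          # lowercase e-mail domains
    identity_providers: list[IdentityProvider] = field(default_factory=list)
    members: set[str] = field(default_factory=set)


@dataclass
class Realm:
    name: str
    attributes: dict[str, str] = field(default_factory=dict)
    organizations: list[Organization] = field(default_factory=list)


def organizations_enabled(realm: Realm) -> bool:
    """Stands in for OrganizationProvider.isEnabled(): only process
    organizations when the realm attribute (assumed name) says so."""
    return realm.attributes.get("organizationsEnabled", "false") == "true"


def organization_for_login(realm: Realm, username: str):
    """Browser-flow lookup: which organization does the typed identifier
    belong to? Assumes e-mail-domain matching."""
    if "@" not in username:
        return None
    domain = username.rsplit("@", 1)[1].lower()
    for org in realm.organizations:
        if domain in org.domains:
            return org
    return None


def browser_step(realm: Realm, username: str):
    """Outcome of the browser-flow authenticator step.

    ("attempted", None)   -> nothing to do, fall through to normal login
    ("redirect", alias)   -> single org IdP, redirect automatically (the PR)
    ("select", [aliases]) -> several org IdPs, a picker would be needed
    """
    if not organizations_enabled(realm):
        return ("attempted", None)
    org = organization_for_login(realm, username)
    if org is None:
        return ("attempted", None)
    idps = [i for i in org.identity_providers if i.enabled]
    if not idps:
        return ("attempted", None)
    if len(idps) == 1:
        return ("redirect", idps[0].alias)
    return ("select", [i.alias for i in idps])


def organization_for_idp(realm: Realm, alias: str):
    """Which organization owns the identity provider with this alias?"""
    for org in realm.organizations:
        if any(i.alias == alias for i in org.identity_providers):
            return org
    return None


def brokering_step(realm: Realm, user_id: str, idp_alias: str):
    """Brokering-flow step: after a user is federated through an IdP bound
    to an organization, add the user as a member. Returns the organization
    name, or None when no membership was created."""
    if not organizations_enabled(realm):
        return None
    org = organization_for_idp(realm, idp_alias)
    if org is None:
        return None
    org.members.add(user_id)
    return org.name


def sample_realm(enabled: bool = True) -> Realm:
    """Constructed sample data for running the model offline."""
    return Realm(
        name="demo",
        attributes={"organizationsEnabled": "true" if enabled else "false"},
        organizations=[
            Organization("acme", {"acme.example"}, [IdentityProvider("acme-oidc")]),
            Organization("globex", {"globex.example"},
                         [IdentityProvider("globex-saml"), IdentityProvider("globex-oidc")]),
            Organization("initech", {"initech.example"}, []),
        ],
    )
```

The two fall-through cases matter from a security standpoint: when organizations are disabled for the realm, or when the identifier matches no organization, the step returns "attempted" and the user continues through the realm's ordinary login steps rather than being redirected to an arbitrary IdP. Membership is only created for an IdP that is actually bound to an organization; a login through an unrelated IdP creates none.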

jonkoops previously approved these changes Apr 16, 2024

@vramik (Contributor) left a comment

Thank you @pedroigor for the PR, I went over it briefly and overall it seems good to me.

As I'm not very familiar with the authenticators part, I'd welcome it if someone more experienced in the area would take a look to speed up the review and merging.

I've added a few comments/questions, please take a look. IMO we can create follow-up issues for those to not block the PR from merging.

@mposolda (Contributor) left a comment

@pedroigor Nice! Added a few minor comments inline. Reviewed especially the parts related to authentication (as that is what @vramik mentioned that he did not review too deeply).

Closes keycloak#28273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
@pedroigor pedroigor merged commit 1e38374 into keycloak:main Apr 17, 2024
@pedroigor pedroigor deleted the issue-28273 branch April 17, 2024 10:24

Successfully merging this pull request may close these issues:
Register users as an organization member when authenticating through the identity provider bound to an organization (#28273)

5 participants