iDempiere SSO Keycloak Login

[Erick Benivan]

Hello everyone,
I'm currently trying to log in using Keycloak SSO with OpenID.
Can users that have already been created in Keycloak SSO be automatically created as users in iDempiere as well?

[Heng Sin Low]

No, that's not implemented.

--
You received this message because you are subscribed to the Google Groups "iDempiere" group.
To unsubscribe from this group and stop receiving emails from it, send an email to idempiere+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/idempiere/1e50a04f-626a-4518-a1ca-1efa8785ca28n%40googlegroups.com.

[Erick Benivan]

Are there any best practices in iDempiere for dealing with this scenario?

[Jesús Castillo]

You could use some Key lock API. And use it in a custom plugin.

 

Atte: Jesus Castillo.

To view this discussion visit https://groups.google.com/d/msgid/idempiere/d7a56ada-aaae-4eb4-a97b-94ac351f41b1n%40googlegroups.com.

[Erick Benivan]

Noted, thank you

To view this discussion visit https://groups.google.com/d/msgid/idempiere/CAFAT%3DLTB8TXieQC2qLSN2v%3DMxYvoWvhjHQJcg-wmHQ87y1rNaQ%40mail.gmail.com.

[Heng Sin Low]

Another option is to implement it in the request filter. After validating that the SSO token is valid and the user doesn't exist in the target tenant, you can auto-create the user on the fly (you probably will need to set up some default for new users in the SSO provider configuration).

To view this discussion visit https://groups.google.com/d/msgid/idempiere/CAFAT%3DLTB8TXieQC2qLSN2v%3DMxYvoWvhjHQJcg-wmHQ87y1rNaQ%40mail.gmail.com.

[Erick Benivan]

thank you , i'll try