How to only allow some SSO (Github) users to login?

192 views
Skip to first unread message

Sandra Schlichting

unread,
May 8, 2023, 5:01:54 AM5/8/23
to Keycloak User
Dear all =)

I have configured a PoC of Github SSO, and right now all Github users are allowed login.

How can I limit/restrict/allow which Github users that should be allowed access?

Hugs,
Sandra =)

Thomas Darimont

unread,
May 8, 2023, 5:06:09 AM5/8/23
to Keycloak User
Hello Sandra,

One way that would work is to implement a custom org.keycloak.broker.provider.IdentityProviderMapper and check the incoming user data via IdentityProviderMapper#preprocessFederatedIdentity.

With this in place unwanted users will not be imported into the Keycloak user store.

Cheers,
Thomas

Sandra Schlichting

unread,
May 8, 2023, 7:37:25 AM5/8/23
to Keycloak User
Dear Thomas,

Excellent! Thanks a lot =)

Hugs,
Sandra =)

Matthieu Huin

unread,
May 9, 2023, 4:56:26 AM5/9/23
to Sandra Schlichting, Keycloak User

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/63916fe1-9d12-4481-b425-f8b74fad2c56n%40googlegroups.com.


--

Matthieu Huin

(He/Him/His)

Senior Software Developer

Schuster Sebastian (BD/PAU1)

unread,
May 9, 2023, 10:43:13 AM5/9/23
to Matthieu Huin, Sandra Schlichting, Keycloak User

Hi Matthieu,

 

this looks nice, could you also add a license so people can actually use it?

 

@Sandra Schlichting Another option would be to have a first broker login flow that does not automatically create users but just links them with existing users and then you create all users you want to allow upfront.

 

Best regards,

Sebastian

 

Mit freundlichen Grüßen / Best regards

Dr.-Ing. Sebastian Schuster
 

Product Area User Management (BD/PAU1)
Bosch.IO GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch.io
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Telefax +49 30 726112-100Sebastian...@bosch.io


Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Stefan Koss; Geschäftsführung: Dr. Andreas Nauerz, Stephan Lampel 

Image removed by sender.
Image removed by sender.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.

Sandra Schlichting

unread,
May 12, 2023, 7:35:49 AM5/12/23
to Keycloak User
Dear Sebastian,

This broker you mention. Is that a something I would have to develop myself, or does there exist something I can already use?

Hugs,
Sandra =)

Schuster Sebastian (BD/PAU1)

unread,
May 12, 2023, 11:20:10 AM5/12/23
to Sandra Schlichting, Keycloak User

Hi Sandra,

 

this flow is already there, you can just adapt its configuration, see: https://www.keycloak.org/docs/latest/server_admin/#_identity_broker_first_login

 

Best regards,

Sebastian

 

Mit freundlichen Grüßen / Best regards

Dr.-Ing. Sebastian Schuster
 

Product Area User Management (BD/PAU1)
Bosch.IO GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch.io
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Telefax +49 30 726112-100Sebastian...@bosch.io


Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Stefan Koss; Geschäftsführung: Dr. Andreas Nauerz, Stephan Lampel 

 

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CADNCi7fr5uDMp4vzcET3%2B38%3D9U5%3DppJawPpX1Z_ZaOh5wXc4rQ%40mail.gmail.com.

--

You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.

Matthieu Huin

unread,
May 15, 2023, 7:01:10 AM5/15/23
to Schuster Sebastian (BD/PAU1), Sandra Schlichting, Keycloak User
A little oversight on my part, thanks for pointing that out! This should be fixed now.



--

Matthieu Huin

(He/Him/His)

Senior Software Developer

Reply all
Reply to author
Forward
0 new messages