Keycloak：获取身份提供者信息

Question

I have spring boot app and I use keycloak as auth. provider.

For my realm I have set FACEBOOK or GOOGLE as identity providers .

I wonder how can I find out what identity provider user used - NOT via keycloak admin console, BUT in runtime.

---

eg.:

user A - FACEBOOK

user B - FACEBOOK

user C - GOOGLE

Answer 1

You can set a "User Session Note" mapper to your client's mappers. Set the User Session Note field to: identity_provider

Note: you can use identity_provider_identity in User Session Note field to get its username from to identity provider https://www.keycloak.org/docs/latest/server_admin/index.html#available-user-session-data

Answer 2

Map metadata given in the access token, such as facebook/google user id, and import these to the keycloak user. If you then provide this metadata to the clients, they can see which identity broker that was used.

https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker/mappers.html

Answer 3

I know this question is old, but I found an alternative solution to your problem (given that you attempt to reach the information via Java / Spring). Say that that you have concrete variables user , realm and session of type UserModel , RealmModel and KeyCloakSession , respectively. Then you can obtain the set of all federated identities associated to your user:

Set<FederatedIdentityModel> identitySet = session.users().getFederatedIdentities(user, realm);

Each instance of FederatedIdentityModel has a #getIdentityProvider method allowing you to obtain the name of your IdP in question.