This Java x Maven project holds the Keycloak extensions for customizations of the FWU Keycloak. The goal of these extensions is to make authentication more secure and anonymous.
Run the script `start_for_testing.sh` in the root directory to start the Keycloak.
This will start a Keycloak Docker container and the others specified in the `docker-compose.yaml`.
This OIDC mapper can be used to pseudonymize one of a user's attributes, such as `id` or `username`, for different clients and has the following features. For more details please check here.
- Field `sectorIdentifier` is mandatory
- Field `sectorIdentifier` still has to be a valid URI but does not have to link to a JSON file
- If `sectorIdentifier` links to a JSON file, its content will be completely ignored
It holds the customization to remove a user on logout or to remove inactive users. For more details please check here.
This Authenticator checks valid combinations of Client ID and `KC_IDP_HINT` information. For more details please check here.
This Authenticator checks valid combinations of Client ID and School ID information. For more details please check here.
This mapper imports user attributes with the ability to translate values. It supports SAML and OIDC identity providers. For more details please check here.
This mapper combines the first two letters of the first and last name into a lowercase acronym. For more details please check here.
Identity provider mapper regarding school IDs made up of a home organization and a school ID. For more details please check here.
It holds the customization to publish a message to RabbitMQ on a LOGIN event in Keycloak. For more details please check here.
API - which defines the standard vidis field names. For more details please check here.
Identity provider mapper which calls a SANIS REST-API to collect user metadata. For more details please check here.
OIDC Protocol mapper to add vidis user metadata to client tokens. For more details please check here.
OIDC Protocol mapper to add vidis user metadata to client tokens based on the role which is present in the user attributes. For more details please check here.
Authenticators required to enable the linking of accounts with only one authentication process. For more details please check here.
To learn more about how you can contribute to this project, check out `CONTRIBUTING.md`.