Description
Is there an existing feature request for this?
- I have searched the existing issues
Is your feature related to a problem? Please describe.
Currently, even if a user is linked to a homeidp, he still gets the required actions email to set up his account (password, 2FA), verify mail etc. This is confusing for the user, because when he has an IdP linked, he can just log in.
Describe the solution you'd like
I tried to implement an eventListener that checks if a user is linked to an idp.
If so, we never need to send out the requiredActions mail in Keycloak because everything is already done (password, 2FA).
Until now all classes are using the AuthenticationFlowContext; do we have any option to just get the list of homeidps based on a User/KeycloakContext?
The following code doesn't work because the context doesn't match.
```java
@Override
public void onEvent(Event event) {
    if (event.getType() == EventType.REGISTER) {
        RealmModel realm = session.realms().getRealm(event.getRealmId());
        UserModel user = session.users().getUserById(realm, event.getUserId());
        String email = user.getEmail();
        String domain = email.substring(email.indexOf("@") + 1);
        HomeIdpDiscoverer discoverer = session.getProvider(HomeIdpDiscoverer.class);
        final List<IdentityProviderModel> homeIdps = discoverer.discoverForUser(session.getContext(), user.getEmail());
        if (homeIdps.isEmpty()) {
            // --> Welcome + extra info to set up your account, 2FA etc.
        } else {
            // --> Welcome mail, please use your IdP
        }
        session.getProvider(EventListenerProvider.class).onEvent(event);
    }
}
```
Describe alternatives you've considered
No response
Anything else?
I can do it as a workaround like this, but then I don't use the idp-home plugin:
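```java
// Needs java.util.Arrays and java.util.Optional; realm and domain are the
// variables from the event listener above.
Optional<IdentityProviderModel> matchingIdp = realm.getIdentityProvidersStream()
    .filter(idp -> {
        // Domains are stored as one "##"-separated config value per IdP
        String propertyValue = idp.getConfig().get("home.idp.discovery.domains");
        if (propertyValue != null) {
            String[] domains = propertyValue.split("##");
            return Arrays.asList(domains).contains(domain);
        }
        return false;
    })
    .findFirst();
```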
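A stand-alone version of the domain match from the workaround above, added here as an example (not code from the issue or from the plugin): it handles a missing email, an address without `@`, and case differences before comparing against the `##`-separated domain list. The class and method names and the sample configuration are hypothetical and constructed; only the config key and the separator come from the snippet above.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added example; HomeIdpDomainMatch, domainOf and matchingIdps are hypothetical names.
public class HomeIdpDomainMatch {

    // Config key and "##" separator as used in the workaround above.
    static final String DOMAINS_KEY = "home.idp.discovery.domains";

    /** Domain part of an email, trimmed and lower-cased; empty if there is none. */
    static Optional<String> domainOf(String email) {
        if (email == null) return Optional.empty();
        int at = email.lastIndexOf('@');
        // Without '@' the index is -1 and substring(0) would return the whole string.
        if (at < 1) return Optional.empty();
        String d = email.substring(at + 1).trim().toLowerCase(Locale.ROOT);
        return d.isEmpty() ? Optional.empty() : Optional.of(d);
    }

    /** Aliases of all IdPs whose configured domain list contains the email's domain. */
    static List<String> matchingIdps(Map<String, Map<String, String>> idpConfigs, String email) {
        Optional<String> domain = domainOf(email);
        if (domain.isEmpty()) return List.of();
        return idpConfigs.entrySet().stream()
            .filter(e -> {
                String value = e.getValue().get(DOMAINS_KEY);
                if (value == null) return false;
                return Arrays.stream(value.split("##"))
                    .map(d -> d.trim().toLowerCase(Locale.ROOT))
                    .anyMatch(domain.get()::equals);
            })
            .map(Map.Entry::getKey)
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample configuration: IdP alias -> IdP config map.
        Map<String, Map<String, String>> idps = new LinkedHashMap<>();
        idps.put("corp-saml", Map.of(DOMAINS_KEY, "example.com##example.org"));
        idps.put("social", Map.of());
        for (String email : new String[] {"alice@Example.COM", "bob@other.test", "no-at-sign", null}) {
            List<String> hits = matchingIdps(idps, email);
            System.out.println(email + " -> "
                + (hits.isEmpty() ? "send account-setup mail" : "welcome mail, use IdP " + hits));
        }
    }
}
```

Like the workaround, this matches on the configured email domain only; it does not check whether the user actually has a federated identity linked to that IdP.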