10

Has anyone used SCIM with Keycloak? If so, can you point me at documentation? I've google searched and it doesn't appear to be a supported configuration.

Mike Maxey
  • 101
  • 1
  • 1
  • 4

2 Answers2

11

I provided a library that integrates with keycloak. Its currently tested with keycloak 8.0.1 and 10.0.1. I provided a simple sample project that shows how to integrate it here:

https://github.com/Captain-P-Goldfish/scim-for-keycloak

EDIT:

For Keycloak 20 and above there is a new SCIM for Keycloak implementation available at https://scim-for-keycloak.de

filtering and sorting does also already work on this example but is done by api-internal features. It is pretty fast up to 5000 users but I haven't done any distress tests. So I do not know when it will become inperformant. If you provide more users you should implement filtering on database level

Goldfish
  • 614
  • 1
  • 7
  • 19
  • since SCIM is an open standard API, and there is an implementation for it as you mentioned (https://github.com/Captain-P-Goldfish/scim-for-keycloak), can I use OKTA SCIM clients in our applications and configure KeyCloak SCIM instead? if they both are using something standard? – Bassel Kh Nov 10 '21 at 17:59
  • If I understand you correctly you want to use OKTA to provision users and groups to keycloak? This should work using the scim-for-keycloak API – Goldfish Nov 10 '21 at 21:43
  • I need SCIM client to be used by KeyCloak to support user provisioning\ de-provisioning process, whenever I create user in KeyCloak, it can be synced with all third party apps – Bassel Kh Dec 06 '21 at 08:22
  • Keycloak does not reliably support such events. Events are only fired on removed resources but not reliably on created resources. And since keycloak is using JPA there is no reliable way in listening to update events on resources. So a client side implementation would be rather difficult based on the current keycloak implementation – Goldfish Dec 08 '21 at 18:22
5

Unfortunately SCIM isn't supported by Keycloak yet. There's an open issue (feature request) on their Jira: https://issues.jboss.org/browse/KEYCLOAK-2537

I just noticed that someone has started to create an open source implementation for SCIM on Keycloak. Haven't tested it yet, but sure will do that soon.

Theos
  • 646
  • 6
  • 13