[keycloak-dev] usersession-based UserModels
Stian Thorgersen
stian at redhat.com
Wed Mar 25 10:15:45 EDT 2015
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 25 March, 2015 3:09:11 PM
> Subject: Re: [keycloak-dev] usersession-based UserModels
>
>
>
> On 3/25/2015 9:54 AM, Stian Thorgersen wrote:
> > If we don't create a user in the db for a federated or brokered user
> > wouldn't we loose a lot of functionality like:
> >
> > * Account management
> > * Required actions
> > * Linking multiple brokered/federated accounts with a single internal
> > account
> >
>
> Maybe you're right, but most of those things don't make sense if you're
> completely delegating login to an external provider. I worry how many
> users just want to use us as a bridge between their external IDPs and
> their web apps.
As that's a valid use-case maybe we could have an option on how it's done. We could have a toggle on a realm or individual idps/federators on whether or not users should be provisioned in KC. Users that are not provisioned in KC would have limited functionality.
It's a pretty big dev task to add though, so probably yet another great idea for the road-map?!
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
More information about the keycloak-dev
mailing list