[keycloak-dev] Optional account association with Federated Identity
Stian Thorgersen
sthorger at redhat.com
Mon Aug 29 12:20:23 EDT 2016
Seems like that's the wrong way around. Why not just a check-box on the IdP
on whether or not existing users can link to it? If there is available IdPs
to link to the account management console will display those, otherwise
it'll just display details of current provider (if any).
On 29 August 2016 at 16:56, Thomas Darimont <thomas.darimont at googlemail.com>
wrote:
> I'm not sure yet.
>
> On one hand I could imagine an "exclusive" setting on IdentityProvider
> level which means that a user provided by this Identity Provider cannot add
> another linked Identity.
> Problem is that this only works for users which come through this IdP.
> Users that are only registered in Keycloak directly currently cannot have
> such a setting since the current Keycloak IdP instance itself is not
> represented as an IdP...
>
> I wonder whether it would make sense to add Keycloak as a "fixed" IdP to
> the IdP list in order to be able to adjust such things...
>
> Cheers,
> Thomas
>
>
> 2016-08-29 16:00 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>
>> Sounds sane - would it be an option per-realm or per-identity provider?
>>
>> On 28 August 2016 at 13:06, Thomas Darimont <
>> thomas.darimont at googlemail.com> wrote:
>>
>>> Hello group,
>>>
>>> Currently when an external Identity Provider like google is configured
>>> for a realm
>>> a user registered in the realm directly and NOT with google also sees
>>> a federated identity section on his account page in the default Keycloak
>>> template.
>>>
>>> There a user can associate his account with a google account
>>> (Federated Identities -> google -> add).
>>> Is it possible to not show the link without changing the template?
>>>
>>> I think it should be configurable whether or not existing users have the
>>> option to link their
>>> accounts with an external Identity Provider like google.
>>>
>>> Cheers,
>>> Thomas
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160829/56d975d3/attachment.html
More information about the keycloak-dev
mailing list