<div dir="ltr"><div><div>Admin management isn't the case.<br><br>The problem is that social providers automatically "import" new users.<br><br></div><div>The social login buttons should be visible in login, but not add new users.<br></div><div><br></div><div>It could be a configuration per provider.<br></div></div></div><br><div class="gmail_quote">On Tue, Mar 17, 2015 at 12:15 PM Marek Posolda <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 17.3.2015 16:03, Stian Thorgersen wrote:<br>
><br>
> ----- Original Message -----<br>
>> From: "Bill Burke" <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>><br>
>> To: <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
>> Sent: Tuesday, March 17, 2015 3:56:23 PM<br>
>> Subject: Re: [keycloak-dev] Social login with user registration disabled<br>
>><br>
>> Ho could we actually implement that. We're dependent on a UserModel<br>
>> existing after the social login.<br>
> If auto-provision was disabled we'd only allow users to login with a identity provider after they have linked the account with a provider. We can (and should) also make it possible for admins to add links (an admin would just need to know the provider-id and the external user-id to do that). Users that try to login without having an account already would just get an error.<br>
We have already admin REST endpoints to add/get/remove links. However in<br>
admin console UI, it's read-only at this moment (admin can see links,<br>
but can't add/remove them in UI).<br>
<br>
Marek<br>
><br>
>> On 3/17/2015 10:54 AM, Stian Thorgersen wrote:<br>
>>> It's not directly linked to user registration. When a user logs in the<br>
>>> first time with an external idp the user is automatically provisioned. We<br>
>>> can add an option on each identity provider to enable/disable<br>
>>> automatically provisioning of users. Please create a jira to request that.<br>
>>><br>
>>> ----- Original Message -----<br>
>>>> From: "Leonardo Loch Zanivan" <<a href="mailto:leonardo.zanivan@gmail.com" target="_blank">leonardo.zanivan@gmail.com</a>><br>
>>>> To: <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
>>>> Sent: Tuesday, March 17, 2015 3:49:05 PM<br>
>>>> Subject: [keycloak-dev] Social login with user registration disabled<br>
>>>><br>
>>>> I have a requirement in a SaaS application to disable user registration,<br>
>>>> so<br>
>>>> only administrators can register new users.<br>
>>>><br>
>>>> Users should be able to login with social providers such as Google+ and<br>
>>>> Facebook. To allow this, each user could link in his profile.<br>
>>>><br>
>>>> However, when I enable social login, new users are registred automatically<br>
>>>> to<br>
>>>> the realm. I don't think that right, since User Registration is disabled.<br>
>>>><br>
>>>> :/<br>
>>>><br>
>>>> ______________________________<u></u>_________________<br>
>>>> keycloak-dev mailing list<br>
>>>> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
>>>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-dev</a><br>
>>> ______________________________<u></u>_________________<br>
>>> keycloak-dev mailing list<br>
>>> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
>>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-dev</a><br>
>>><br>
>> --<br>
>> Bill Burke<br>
>> JBoss, a division of Red Hat<br>
>> <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
>> ______________________________<u></u>_________________<br>
>> keycloak-dev mailing list<br>
>> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-dev</a><br>
>><br>
> ______________________________<u></u>_________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-dev</a><br>
<br>
______________________________<u></u>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-dev</a><br>
</blockquote></div>