<div dir="ltr"><div>Seems like that's the wrong way around. Why not just a check-box on the IdP on whether or not existing users can link to it? If there is available IdPs to link to the account management console will display those, otherwise it'll just display details of current provider (if any).</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 29 August 2016 at 16:56, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm not sure yet.<div><br></div><div>On one hand I could imagine an "exclusive" setting on IdentityProvider level which means that a user provided by this Identity Provider cannot add another linked Identity.</div><div>Problem is that this only works for users which come through this IdP. Users that are only registered in Keycloak directly currently cannot have such a setting since the current Keycloak IdP instance itself is not represented as an IdP...</div><div><br></div><div>I wonder whether it would make sense to add Keycloak as a "fixed" IdP to the IdP list in order to be able to adjust such things...</div><div><br></div><div>Cheers,</div><div>Thomas</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-08-29 16:00 GMT+02:00 Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Sounds sane - would it be an option per-realm or per-identity provider?</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 28 August 2016 at 13:06, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.co<wbr>m</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div>Hello group,</div><div><br></div><div>Currently when an external Identity Provider like google is configured for a realm </div><div>a user registered in the realm directly and NOT with google also sees</div><div>a federated identity section on his account page in the default Keycloak template.</div><div><br></div><div>There a user can associate his account with a google account </div><div>(Federated Identities -> google -> add).</div><div>Is it possible to not show the link without changing the template?</div><div><br></div><div>I think it should be configurable whether or not existing users have the option to link their</div><div>accounts with an external Identity Provider like google.</div><div><br></div><div>Cheers,</div><div>Thomas</div></div>
<br></div></div>______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>