[keycloak-user] Skip Broker First-Time Flow?

Marek Posolda mposolda at redhat.com
Thu Aug 24 05:30:26 EDT 2017


+1 to what Phillip mentioned.

We were thinking of adding an authenticator OOTB which would link 
accounts automatically, but didn't add it in the end because of security. 
However, you're not the first to ask for it, so maybe it makes sense, as 
long as this authenticator won't be in the flow by default and the admin 
would need to edit the first-broker-login flow at his own risk. Feel 
free to create a JIRA (maybe it already exists, so you can add a comment 
like "I want it too" and add a vote :) )

Marek

On 24/08/17 10:38, Phillip Fleischer wrote:
> Not sure of your appetite for customization but you can create a copy of the first login flow and remove or replace the execution steps you don't want.
>
> As far as how you'll create or link the account if none of the existing executions work, worst case you'd have to write your own.
>
> ________________________________
> From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Peter K. Boucher <pkboucher801 at gmail.com>
> Sent: Wednesday, August 23, 2017 2:51:48 PM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Skip Broker First-Time Flow?
>
> We have a need to pre-provision user accounts that are to be accessed with
> SAML from an outside IdP. These accounts are only ever to be used via SAML
> from this external IdP (i.e., we never want them to have to use a password
> to verify anything to Keycloak).
>
>
>
> Is there any way for the account-linking the first time the user comes in
> with SAML to happen automatically and silently?
>
>
>
> We understand that in some circumstances it would be a security hole to
> allow someone to connect via a brokered IdP to an existing account that has
> already been used, but these accounts are being created specifically to be
> accessed by this particular broker.
>
>
>
> Any help?
>
>
>
> Thanks!
>
>
>
> Regards,
>
> Peter K. Boucher
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

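An added example, not part of the thread and not Keycloak's own code: a small audit over a realm export that reports which identity providers use a first-login flow that links accounts automatically, and whether the built-in flow itself has been changed to do so. It assumes the export's JSON field names (`authenticationFlows`, `authenticationExecutions`, `flowAlias`, `identityProviders`, `firstBrokerLoginFlowAlias`) and the provider id `idp-auto-link` for the automatic-linking authenticator; the flow and IdP names in the sample are constructed.

```python
AUTO_LINK = "idp-auto-link"          # assumed provider id of the auto-linking authenticator
DEFAULT_FLOW = "first broker login"  # alias of the built-in first-login flow

def active_authenticators(flows, alias, seen=None):
    """Return ids of all non-DISABLED authenticators in a flow, following subflows."""
    seen = set() if seen is None else seen
    if alias in seen or alias not in flows:
        return set()
    seen.add(alias)  # guards against cyclic subflow references
    found = set()
    for ex in flows[alias].get("authenticationExecutions", []):
        if ex.get("requirement") == "DISABLED":
            continue
        if ex.get("flowAlias"):
            found |= active_authenticators(flows, ex["flowAlias"], seen)
        elif ex.get("authenticator"):
            found.add(ex["authenticator"])
    return found

def audit(realm):
    """List (finding, name) pairs about automatic account linking in a realm export."""
    flows = {f["alias"]: f for f in realm.get("authenticationFlows", [])}
    findings = []
    if AUTO_LINK in active_authenticators(flows, DEFAULT_FLOW):
        findings.append(("default-flow-auto-links", DEFAULT_FLOW))
    for idp in realm.get("identityProviders", []):
        alias = idp.get("firstBrokerLoginFlowAlias", DEFAULT_FLOW)
        if AUTO_LINK in active_authenticators(flows, alias):
            findings.append(("idp-auto-links", idp["alias"]))
    return findings

def flow(alias, *steps):
    """Build a constructed flow; each step is (requirement, authenticator, subflow alias)."""
    return {"alias": alias, "authenticationExecutions": [
        {"requirement": r, "authenticator": a, "flowAlias": f} for r, a, f in steps]}

# Constructed sample shaped like a realm export (not taken from the thread).
SAMPLE = {"authenticationFlows": [
    flow(DEFAULT_FLOW, ("REQUIRED", "idp-review-profile", None),
         ("ALTERNATIVE", "idp-create-user-if-unique", None),
         ("ALTERNATIVE", None, "Handle Existing Account")),
    flow("Handle Existing Account", ("REQUIRED", "idp-confirm-link", None),
         ("ALTERNATIVE", "idp-email-verification", None)),
    flow("partner auto link", ("ALTERNATIVE", "idp-create-user-if-unique", None),
         ("ALTERNATIVE", None, "partner link step")),
    flow("partner link step", ("REQUIRED", AUTO_LINK, None)),
    flow("legacy copy", ("DISABLED", AUTO_LINK, None))],
  "identityProviders": [
    {"alias": "partner-saml", "firstBrokerLoginFlowAlias": "partner auto link"},
    {"alias": "corp-oidc", "firstBrokerLoginFlowAlias": DEFAULT_FLOW},
    {"alias": "old-saml", "firstBrokerLoginFlowAlias": "legacy copy"}]}

if __name__ == "__main__":
    for kind, name in audit(SAMPLE):
        print(kind, name)
```

Each `idp-auto-links` finding should correspond to a broker whose accounts are provisioned only for that broker, as in the original question.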