[keycloak-user] Identity first login flow
Arlen Thurber
arlen.thurber at datastax.com
Thu Feb 7 11:16:56 EST 2019
Hello Keycloak community,
I am looking for more information on an custom authentication method named
Identity first login flow. I found this concept in a keycloak Jira ticket
https://issues.jboss.org/browse/KEYCLOAK-1514
<https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_browse_KEYCLOAK-2D1514&d=DwMFaQ&c=adz96Xi0w1RHqtPMowiL2g&r=sqAgoVDTHNAxKFdEw2Gsf-lKoKfVv7an6sSzwRptkVE&m=suYxesyTxKuQO_AKnaw9rEdnNBTl_dfoYhkBxinOd6E&s=TwaWnYeAln05CNoMlMVahuYPA_bqYiR8x858250pCfc&e=>.
The issue was opened 03/Jul/15. There was a discussion back in February of
2018 that mentioned that this functionality would be offered "out of the
box",
http://lists.jboss.org/pipermail/keycloak-dev/2018-February/010416.html
<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.jboss.org_pipermail_keycloak-2Ddev_2018-2DFebruary_010416.html&d=DwMFaQ&c=adz96Xi0w1RHqtPMowiL2g&r=sqAgoVDTHNAxKFdEw2Gsf-lKoKfVv7an6sSzwRptkVE&m=suYxesyTxKuQO_AKnaw9rEdnNBTl_dfoYhkBxinOd6E&s=G8mwaiJc4JoTW0XX292ycJlXsAePPyVq_NM26bVZvxM&e=>
, but i cant find any more mention of it, and the issue was just recently
put into triage on 22/Jan/19.
In the description of Identity first login flow :
"This makes it possible to not require a password for a user when other
authentication mechanisms are used (for example fingerprint, two-way ssl,
etc.). Also, it allows automatically redirecting to an external IdP when
the user is linked to an external IdP (either the user used the IdP to
login before or a email domain has been configured to the IdP)."
Does anyone have any more information about this concept, an example of it
working, or advice on how this login flow could be achieved?
Thank you,
Arlen
More information about the keycloak-user
mailing list