[keycloak-user] Google login without automatic user registration
Dmitry Telegin
dt at acutus.pro
Fri Jan 18 13:54:48 EST 2019
Hi Scott,
On Fri, 2019-01-18 at 13:03 -0500, Scott Thibault wrote:
> That does look like it does what we would want. However, I don't think I can add custom authenticators. I'm administering an Eclipse Che instance which embeds Keycloak for it's authentication. Is there any other approach?
Just FYI, Che's embedded Keycloak is fully accessible [1], so it shouldn't be problematic install a single JS authenticator.
[1] https://www.eclipse.org/che/docs/che-6/user-management.html
Good luck,
Dmitry
>
> --Scott
>
>
> > On Wed, Jan 16, 2019 at 5:52 PM Dmitry Telegin <dt at acutus.pro> wrote:
> > Hi Scott,
> >
> > I think Geoffrey Cleaves has done this with the help of custom authenticator, please check out this thread: http://lists.jboss.org/pipermail/keycloak-user/2018-December/016703.html
> >
> > Cheers,
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> >
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info at acutus.pro
> >
> > On Wed, 2019-01-16 at 14:12 -0500, Scott Thibault wrote:
> > > Out-of-the-box, the First Broker Login flow automatically registers
> > > non-existing users authenticated by an identity provider. I would not like
> > > anyone with a valid Google account to be able to login, but only those with
> > > existing accounts. However, any attempt to create a custom flow without
> > > the "Create User If Unique" item leads to an error=invalid_user_credentials.
> > >
> > > Is there some solution that would allow me to prevent users without an
> > > existing account to login via the Google identity provider?
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
More information about the keycloak-user
mailing list