I'm not sure yet.

On one hand I could imagine an "exclusive" setting on IdentityProvider level which means that a user provided by this Identity Provider cannot add another linked Identity.

Problem is that this only works for users which come through this IdP. Users that are only registered in Keycloak directly currently cannot have such a setting since the current Keycloak IdP instance itself is not represented as an IdP...

I wonder whether it would make sense to add Keycloak as a "fixed" IdP to the IdP list in order to be able to adjust such things...

Cheers,

Thomas

2016-08-29 16:00 GMT+02:00 Stian Thorgersen <sthorger@redhat.com>:

Sounds sane - would it be an option per-realm or per-identity provider?

On 28 August 2016 at 13:06, Thomas Darimont <thomas.darimont@googlemail.com> wrote:
Hello group,

Currently when an external Identity Provider like google is configured for a realm
a user registered in the realm directly and NOT with google also sees
a federated identity section on his account page in the default Keycloak template.

There a user can associate his account with a google account
(Federated Identities -> google -> add).
Is it possible to not show the link without changing the template?

I think it should be configurable whether or not existing users have the option to link their
accounts with an external Identity Provider like google.

Cheers,
Thomas

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev