There is a difference here...linking vs. import. Linking is linking a
brokered user to an existing account. Import is when the user doesn't
exist. I guess nobody has had a problem with this so my concern doesn't
matter.
On 12/14/16 11:32 AM, Marek Posolda wrote:
+1
IMO it is perfectly valid to have same user linked to both LDAP (or
other userStorage) and identity providers. I think that for
https://issues.jboss.org/browse/KEYCLOAK-2943 we should just have a
way to bypass calling IdentityProviderMapper.updateBrokeredUser to
avoid updating read-only user. I think that all those JIRAS are very
similar and should be addressed together:
https://issues.jboss.org/browse/KEYCLOAK-2943
https://issues.jboss.org/browse/KEYCLOAK-2950
https://issues.jboss.org/browse/KEYCLOAK-3829
Marek
On 14/12/16 15:51, Stian Thorgersen wrote:
> As the registration form and admin console results in creating new
> users in
> a user storage provider if it supports registration I don't see why it
> should be any different for brokered users. They are used "automatically
> registered" on first login.
>
> On 14 December 2016 at 15:28, Bill Burke <bburke(a)redhat.com> wrote:
>
>> I'm looking at the broker flow code and it seems that we import users
>> into whatever storage provider supports adding users. Should this
>> import
>> be local only and bypass any User Storage Providers? This breaks
>> backwards compatbility, but I'm not sure the old approach was the
>> correct one.
>>
>> Thoughts?
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev