+1
IMO it is perfectly valid to have same user linked to both LDAP (or
other userStorage) and identity providers. I think that for
https://issues.jboss.org/browse/KEYCLOAK-2943 we should just have a way
to bypass calling IdentityProviderMapper.updateBrokeredUser to avoid
updating read-only user. I think that all those JIRAS are very similar
and should be addressed together:
https://issues.jboss.org/browse/KEYCLOAK-2943
https://issues.jboss.org/browse/KEYCLOAK-2950
https://issues.jboss.org/browse/KEYCLOAK-3829
Marek
On 14/12/16 15:51, Stian Thorgersen wrote:
As the registration form and admin console results in creating new
users in
a user storage provider if it supports registration I don't see why it
should be any different for brokered users. They are used "automatically
registered" on first login.
On 14 December 2016 at 15:28, Bill Burke <bburke(a)redhat.com> wrote:
> I'm looking at the broker flow code and it seems that we import users
> into whatever storage provider supports adding users. Should this import
> be local only and bypass any User Storage Providers? This breaks
> backwards compatbility, but I'm not sure the old approach was the
> correct one.
>
> Thoughts?
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev