[keycloak-dev] Can KeyCloack be used without any passwords?

I'd just like to say that KeyCloak looks like a great project. It will be nice not to have to reinvent the account management wheel every time you write an app. I have a couple of questions about KeyCloak: 1. After playing with the demo it looks like first time social logins require a local user account to be created. Is this a fixed requirement, or is it possible for people to log in from Google/Twitter/Facebook without a local user account? Or at least with a local account that has no password? I ask because ideally we would like to never deal with any user passwords whatsoever, and defer all password management to external services. 2. Do you expect the LDAP or AD support to work like a social login i.e. will users with local network accounts be required to create a KeyCloak user account in addition to their network account? 3. Is it possible to associate multiple social logins with a single account? Something like what Stack Exchange does where you can add a Google and a Facebook account to your existing SE account. Regards Matthew Casperson RHCE, RHCJA # 111-072-237 Red Hat Engineering Content Services Brisbane, Australia