It makes sense to me to allow application to retrieve the external IDP
token and configure this per application via custom claim. But I am not
seeing much point to filter identity providers on login screen based on
IMO login screen should be same for whole realm. And if I enable
Facebook login, it should be enabled for all apps in the realm.
Restriction based on apps still won't work well as Keycloak is SSO
system. Even if I don't allow Facebook login for application "foo", I
can still login to Facebook in application "bar" and then I can be
logged via SSO to application "foo". At least that's my point of view to
On 6.2.2015 14:15, Pedro Igor Silva wrote:
Does makes sense to enable an identity provider to an application and *not* allow
the same application to retrieve tokens from the identity provider ?
keycloak-dev mailing list