----- Original Message -----
From: "Ed Hillmann" <ed.hillmann(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, 20 July, 2015 7:15:43 AM
Subject: [keycloak-user] When using an IdentityBroker
Hi, I'm going through the most recent doco, and I'm looking at the
IdentityBroker section. So, having gone through the walkthrough, can someone
tell me if I'm on the right track.
So, step #8 states that "Keycloak is going to check if the response from the
identity provider is valid. If valid, it will create an user or just skip
that if the user already exists".
Does that mean that Keycloak will have a User, against which roles can be
mapped? This will be a user that would be, for example, displayed in the
admin console just like any locally-defined User?
Yes
I'm trying to piece this all together, from where we can start assigning
roles to these users whose authentication has been performed by an external
IdentityProvider.
Following on from that, the user would continue to authenticate against the
Identity Provider? If they already exist, that's mentioned later on in the
same text where the accounts are linked?
There is no automatic linking of accounts. There are two scenarios basically:
* A user with the same email address exists - in this case an error message is displayed to the
user and the user would have to log in to account management and link to the identity provider
from there
* The user has already logged in with the identity provider - in this case a user is
already linked to the identity provider and the user is logged in
The same user can also authenticate with different methods. It's possible to log in to
the same account with username/password as well as multiple identity providers (linked
through account management).
With regard to setting up roles, these can either be added through the admin console manually
or added automatically, either by using default roles or by using mappers.
If I've got this wrong, please let me know. :)
Thanks for any help,
Ed