Re: [keycloak-user] Google login without automatic user registration
Hi Scott,
On Fri, 2019-01-18 at 13:03 -0500, Scott Thibault wrote:
That does look like it does what we would want. However, I don't
think I can add custom authenticators. I'm administering an Eclipse Che instance
which embeds Keycloak for it's authentication. Is there any other approach?
Just FYI, Che's embedded Keycloak is fully accessible [1], so it shouldn't be
problematic install a single JS authenticator.
[1] https://www.eclipse.org/che/docs/che-6/user-management.html
Good luck,
Dmitry
--Scott
> On Wed, Jan 16, 2019 at 5:52 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
> Hi Scott,
>
> I think Geoffrey Cleaves has done this with the help of custom authenticator, please
check out this thread:
http://lists.jboss.org/pipermail/keycloak-user/2018-December/016703.html
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info(a)acutus.pro
>
> On Wed, 2019-01-16 at 14:12 -0500, Scott Thibault wrote:
> > Out-of-the-box, the First Broker Login flow automatically registers
> > non-existing users authenticated by an identity provider. I would not like
> > anyone with a valid Google account to be able to login, but only those with
> > existing accounts. However, any attempt to create a custom flow without
> > the "Create User If Unique" item leads to an
error=invalid_user_credentials.
> >
> > Is there some solution that would allow me to prevent users without an
> > existing account to login via the Google identity provider?
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>