Has anyone made
https://github.com/ohioit/keycloak-link-idp-with-user work
with Keycloak 3.1.0.Final? It seems to have been designed for 1.9.0.Final
-----Original Message-----
From: Adam Keily [mailto:adam.keily@adelaide.edu.au]
Sent: Wednesday, August 30, 2017 12:27 AM
To: Marek Posolda <mposolda(a)redhat.com>; Peter K. Boucher
<pkboucher801(a)gmail.com>; 'Phillip Fleischer'
<pcfleischer(a)outlook.com>;
keycloak-user(a)lists.jboss.org
Subject: RE: [keycloak-user] Skip Broker First-Time Flow?
Check out.
https://github.com/ohioit/keycloak-link-idp-with-user
We use it to silently link users coming from another corporate IDP with our
federated LDAP accounts.
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org
[mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Marek Posolda
Sent: Friday, 25 August 2017 10:59 PM
To: Peter K. Boucher <pkboucher801(a)gmail.com>; 'Phillip Fleischer'
<pcfleischer(a)outlook.com>; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Skip Broker First-Time Flow?
Yes.
Marek
On 25/08/17 15:08, Peter K. Boucher wrote:
Not asking you to review/endorse this code, but does the approach seem
reasonable?
https://github.com/ohioit/keycloak-link-idp-with-user
-----Original Message-----
From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: Thursday, August 24, 2017 5:30 AM
To: Phillip Fleischer <pcfleischer(a)outlook.com>; Peter K. Boucher
<pkboucher801(a)gmail.com>; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Skip Broker First-Time Flow?
+1 to what Phillip mentioned.
We were thinking of adding the authenticator OOTB, which will link
accounts automatically. But we didn't add it in the end because of security.
However you're not the first asking for it, so maybe it makes sense -
as long as this authenticator won't be in the flow by default and the
admin would need to edit the first-broker-login flow at his own risk.
Feel free to create a JIRA (maybe it already exists, so you can add a
comment like "I want it too" and add a vote :) )
Marek
On 24/08/17 10:38, Phillip Fleischer wrote:
> Not sure of your appetite for customization but you can create a copy of the
> first login flow and remove or replace the execution steps you don't want.
>
> As far as how you'll create or link the account if none of the existing
> executions work, worst case you'd have to write your own.
>
> ________________________________
> From: keycloak-user-bounces(a)lists.jboss.org
> <keycloak-user-bounces(a)lists.jboss.org> on behalf of Peter K. Boucher
> <pkboucher801(a)gmail.com>
> Sent: Wednesday, August 23, 2017 2:51:48 PM
> To: keycloak-user(a)lists.jboss.org
> Subject: [keycloak-user] Skip Broker First-Time Flow?
>
> We have a need to pre-provision user accounts that are to be accessed
> with SAML from an outside IdP. These accounts are only ever to be
> used via SAML from this external IdP (i.e., we never want them to
> have to use a password to verify anything to Keycloak).
>
> Is there any way for the account-linking the first time the user
> comes in with SAML to happen automatically and silently?
>
> We understand that in some circumstances it would be a security hole
> to allow someone to connect via a brokered IdP to an existing account
> that has already been used, but these accounts are being created
> specifically to be accessed by this particular broker.
>
> Any help?
>
> Thanks!
>
> Regards,
>
> Peter K. Boucher
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user