SAML IDP seamless SSO - keycloak-user - Jboss List Archives

2025

January

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

SAML IDP seamless SSO

Upgrading 3.4.3 to 4.1

How to login without username and...

Devlin, Martin

Wednesday, 1 August 2018 Wed, 1 Aug '18

3:50 p.m.

Hi, I am setting up a SAML IDP. The user will already exist in Keycloak, I want that user linked to the IDP. What I want is for the user to be linked invisibly, without having to do anything. I have disabled the following in the First Broker Login flow: ``` first broker login/idp-review-profile set to DISABLED first broker login/idp-confirm-link set to DISABLED first broker login/idp-email-verification set to DISABLED ``` This gets rid of the dialogs to confirm profile and email verification. But there's another setting that I can't disable: " Username Password Form For Identity Provider Reauthentication" So as it is the user has to authenticate against the IDP (which is what I want) but then also against Keycloak (which I don;t want). Thanks, Martin

Reply

Show replies by date

Dmitry Telegin

Thursday, 2 August Thu, 2 Aug

1:55 a.m.

Hi Martin, What version of Keycloak is it? Tested with both 3.4.0 and 4.1.0, and I was able to set the whole "Verify Existing Account By Re-authentication" to DISABLED. Either way, you should be able to make a copy of the flow, remove "Verify Existing Account By Re-authentication" completely, and override First Broker Login flow in your IdP settings in Keycloak. Cheers, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic +42 (022) 888-30-71 E-mail: info(a)acutus.pro On Wed, 2018-08-01 at 14:50 +0100, Devlin, Martin wrote:

Hi, I am setting up a SAML IDP. The user will already exist in Keycloak, I want that user linked to the IDP. What I want is for the user to be linked invisibly, without having to do anything. I have disabled the following in the First Broker Login flow: ``` first broker login/idp-review-profile set to DISABLED first broker login/idp-confirm-link set to DISABLED first broker login/idp-email-verification set to DISABLED ``` This gets rid of the dialogs to confirm profile and email verification. But there's another setting that I can't disable: " Username Password Form For Identity Provider Reauthentication" So as it is the user has to authenticate against the IDP (which is what I want) but then also against Keycloak (which I don;t want). Thanks, Martin _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

Julien Pivotto

10:02 a.m.

New subject: Seamless login

See https://github.com/ohioit/keycloak-link-idp-with-user to achieve this (needs some updates for KC4 -- see attachment) -- (o- Julien Pivotto //\ Open-Source Consultant V_/_ Inuits - https://www.inuits.eu

Reply

2345

days inactive

2346

days old

keycloak-user@lists.jboss.org

Manage subscription

2 comments

3 participants

tags (0)

participants (3)

Devlin, Martin
Dmitry Telegin
Julien Pivotto