Someone else asked for this recently. I think that a JIRA already exists.
Feel free to create a new JIRA if you are not able to find the existing one.
Yes, currently the builtin CreateUserIfUnique authenticator does 2 things:
- Check if the brokered user already exists in the Keycloak DB. If not, then
create a new user
- If it exists, then set some info into the current clientSession about
the existing user
The other authenticators in the chain assume that the info
about the duplicated user is in clientSession already. There should be some
more flexibility here (either the possibility to configure the
CreateUserIfUnique authenticator to never create new users, or let the
existing authenticators find out by themselves whether there is a duplicated
user or not).
You can also send a PR for it or, as a workaround, replace the
CreateUserIfUnique authenticator with your own authenticator impl, which
won't allow registering new users.
Btw, there is also the possibility that Keycloak users can link brokers in
the account management console.
Marek
On 07/03/17 15:16, teroz wrote:
Hi there
Is there a way to pre-create users and have these users able to link these
existing accounts to Google accounts without also being forced to allow any
random Google user to be able to create an account?
Seems that's how First Broker Login works. Any attempt to disable the
"Create User If Unique" step makes the flow unusable, always with the same
error
WARN [org.keycloak.events] (default task-94)
type=IDENTITY_PROVIDER_FIRST_LOGIN_ERROR, realmId=example,
clientId=js-console, userId=null, ipAddress=127.0.0.1,
error=invalid_user_credentials, identity_provider=google,
auth_method=openid-connect, auth_type=code,
redirect_uri=http://127.0.0.1:8080/js-console/,
identity_provider_identity=......
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
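
The workaround suggested in the reply above, sketched as an added example (not code from the thread or from the Keycloak project): an authenticator that records the existing-user info for the rest of the chain but fails instead of creating an account. The package, class names and provider id are hypothetical, and it assumes a Keycloak version where EXISTING_USER_INFO is kept as an authentication-session note rather than on clientSession as described in the thread.

```java
// LinkExistingOnlyAuthenticatorFactory.java (added example; names are hypothetical)
package example.broker;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator;
import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticatorFactory;
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.KeycloakSession;

public class LinkExistingOnlyAuthenticatorFactory extends IdpCreateUserIfUniqueAuthenticatorFactory {
    public static final String PROVIDER_ID = "idp-link-existing-only"; // hypothetical id

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "Link Existing User Only"; }
    @Override public String getHelpText() { return "Like Create User If Unique, but never creates a user."; }
    @Override public Authenticator create(KeycloakSession session) { return new LinkExistingOnly(); }

    static class LinkExistingOnly extends IdpCreateUserIfUniqueAuthenticator {
        @Override
        protected void authenticateImpl(AuthenticationFlowContext context,
                                        SerializedBrokeredIdentityContext serializedCtx,
                                        BrokeredIdentityContext brokerContext) {
            // Assumption: notes live on the authentication session in this Keycloak version.
            if (context.getAuthenticationSession().getAuthNote(EXISTING_USER_INFO) != null) {
                context.attempted(); // an earlier step already recorded the existing user
                return;
            }
            // Reuse the stock lookup (by email, then username) inherited from the parent class.
            String username = getUsername(context, serializedCtx, brokerContext);
            ExistingUserInfo existing = (username == null) ? null
                    : checkExistingUser(context, username, serializedCtx, brokerContext);
            if (existing == null) {
                // No pre-created account matches the brokered identity: refuse, never register.
                context.failure(AuthenticationFlowError.INVALID_USER);
                return;
            }
            // Same hand-off the stock authenticator performs for a duplicate, so the
            // following authenticators in the chain can confirm and link the account.
            context.getAuthenticationSession().setAuthNote(EXISTING_USER_INFO, existing.serialize());
            context.attempted();
        }
    }
}
```

To deploy it, list the factory class in META-INF/services/org.keycloak.authentication.AuthenticatorFactory and use it as an ALTERNATIVE execution in a copy of the First Broker Login flow in place of the stock step.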