Hi,
is it possible to have multiple keycloak users mapped to 1 identity from e.g. SAMLv2
Identity Provider.
From my understanding of entity model,
findUserByFederatedIdentityAndRealm query and browser authentication flow, this is not
possible. Using federated identity links you can have only 1 identity mapped to 1 keycloak
user. Somethink like List<UserModel> users =
UserProvider.getUsersByFederatedIdentity() does not exists.
Question is, if it's possible to implement custom Authenticators and flow where
authenticators will map provider identity to user attribute, then find users by attribute
and provide account selector to choose one by this attribute value. And also if it is best
way how to do that?
thanks, m.