Scenario:
We are using Keycloak OIDC to create the id-token/UserInfo for our applications. The IdP is provided by an external trusted SAML IdP. We want Keycloak to provide SSO between all applications (clients) using the Keycloak server (3.4.3-Final).
User information from the external IdP is trusted and we don't want the users to link and/or verify the account.
Problem:
When a user accesses application "A", which uses Keycloak to authenticate the user, everything is OK.
- Keycloak creates a user account using a specified attribute (unique id from the SAML response)
When the user accesses the application a second time (after closing the browser or logging out), Keycloak requires the user to link the account.
"We're sorry ... User with username tst5565594230 already exists. Please login to
account management to link the account."
We have disabled "Confirm Link Existing Account" for the relevant authentication binding (browser flow, first broker login).
Any suggestions?
--
Marco
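The error quoted above is Keycloak's `federatedIdentityExists` message. It is rendered by the "Create User If Unique" authenticator when it finds an existing local user while that execution's requirement is REQUIRED (when it is ALTERNATIVE the step only marks itself attempted and the flow falls through to the account-linking steps), and Keycloak runs the first broker login flow at all only when it has no stored federated identity for the incoming broker user id. The script below is an added diagnostic, not part of Marco's message and not Keycloak's own code: it reads the flow's executions and a user's federated identities from the admin REST API and reports which of those two conditions holds. Assumed values that are not in the original message: `BASE_URL`, `REALM`, `IDP_ALIAS` and the admin credentials; the provider IDs are those of Keycloak's built-in first-broker-login authenticators, so compare them against your own flow listing.

```python
"""Diagnostic for the Keycloak 'User ... already exists' first-broker-login error.

Added example; not from the mailing-list post and not Keycloak's own code.
Assumptions: Keycloak 3.x admin REST API under the legacy /auth prefix, an admin
user in the master realm, and Keycloak's built-in authenticator provider IDs.
"""
import json
import urllib.parse
import urllib.request

BASE_URL = "https://keycloak.example.invalid/auth"  # assumed; 3.x serves under /auth
REALM = "myrealm"                                   # assumed realm name
FLOW_ALIAS = "first broker login"                   # Keycloak's built-in flow alias
IDP_ALIAS = "external-saml"                         # assumed alias of the SAML IdP

# Built-in first-broker-login authenticators, keyed by the providerId that the
# admin API's executions listing returns.
LINKING_STEPS = {
    "idp-create-user-if-unique": "Create User If Unique",
    "idp-confirm-link": "Confirm Link Existing Account",
    "idp-email-verification": "Verify Existing Account By Email",
    "idp-username-password-form": "Verify Existing Account By Re-authentication",
}


def _post_form(url, fields):
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)


def _get_json(url, token):
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def admin_token(username, password):
    """Password grant against the master realm with the built-in admin-cli client."""
    body = _post_form(f"{BASE_URL}/realms/master/protocol/openid-connect/token",
                      {"grant_type": "password", "client_id": "admin-cli",
                       "username": username, "password": password})
    return body["access_token"]


def fetch_flow_executions(token, flow_alias=FLOW_ALIAS):
    alias = urllib.parse.quote(flow_alias)
    return _get_json(f"{BASE_URL}/admin/realms/{REALM}/authentication/flows/{alias}/executions", token)


def fetch_federated_identities(token, user_id):
    return _get_json(f"{BASE_URL}/admin/realms/{REALM}/users/{user_id}/federated-identity", token)


def summarize_linking_steps(executions):
    """Map providerId -> requirement for the steps that decide what happens when a
    brokered login matches an existing local user (sub-flow rows have no providerId)."""
    return {e["providerId"]: e["requirement"]
            for e in executions if e.get("providerId") in LINKING_STEPS}


def diagnose(step_requirements, federated_identities, idp_alias=IDP_ALIAS):
    """Return a list of findings; an empty list means neither condition was detected."""
    findings = []
    create = step_requirements.get("idp-create-user-if-unique")
    if create == "REQUIRED":
        findings.append(
            "Create User If Unique is REQUIRED: on a duplicate user it renders the "
            "'already exists' error instead of marking itself attempted, so the "
            "linking steps after it never run; ALTERNATIVE lets the flow fall through.")
    elif create is None:
        findings.append("Create User If Unique is not present in the flow at all.")
    linked = {fi.get("identityProvider") for fi in federated_identities}
    if idp_alias not in linked:
        findings.append(
            f"No federated identity stored for '{idp_alias}': Keycloak treats the next "
            "login from that IdP as a first broker login and runs the flow again.")
    return findings


def main(admin_user, admin_password, user_id):
    token = admin_token(admin_user, admin_password)
    steps = summarize_linking_steps(fetch_flow_executions(token))
    identities = fetch_federated_identities(token, user_id)
    for finding in diagnose(steps, identities) or ["No findings."]:
        print("-", finding)


if __name__ == "__main__":
    import sys
    main(*sys.argv[1:4])  # admin user, admin password, Keycloak user id
```

Run it as `python diag.py <admin> <password> <user-id>` after the user has logged in once; a user created by the flow should show a federated identity for the SAML provider, and if the second finding fires for such a user, the value Keycloak stores as the broker user id is not stable between logins.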