[keycloak-dev] Social login with user registration disabled
Leonardo Loch Zanivan
leonardo.zanivan at gmail.com
Tue Mar 17 12:41:33 EDT 2015
Admin management isn't the case.
The problem is that social providers automatically "import" new users.
The social login buttons should be visible in login, but not add new users.
It could be a configuration per provider.
On Tue, Mar 17, 2015 at 12:15 PM Marek Posolda <mposolda at redhat.com> wrote:
> On 17.3.2015 16:03, Stian Thorgersen wrote:
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Tuesday, March 17, 2015 3:56:23 PM
> >> Subject: Re: [keycloak-dev] Social login with user registration disabled
> >>
> >> Ho could we actually implement that. We're dependent on a UserModel
> >> existing after the social login.
> > If auto-provision was disabled we'd only allow users to login with a
> identity provider after they have linked the account with a provider. We
> can (and should) also make it possible for admins to add links (an admin
> would just need to know the provider-id and the external user-id to do
> that). Users that try to login without having an account already would just
> get an error.
> We have already admin REST endpoints to add/get/remove links. However in
> admin console UI, it's read-only at this moment (admin can see links,
> but can't add/remove them in UI).
>
> Marek
> >
> >> On 3/17/2015 10:54 AM, Stian Thorgersen wrote:
> >>> It's not directly linked to user registration. When a user logs in the
> >>> first time with an external idp the user is automatically provisioned.
> We
> >>> can add an option on each identity provider to enable/disable
> >>> automatically provisioning of users. Please create a jira to request
> that.
> >>>
> >>> ----- Original Message -----
> >>>> From: "Leonardo Loch Zanivan" <leonardo.zanivan at gmail.com>
> >>>> To: keycloak-dev at lists.jboss.org
> >>>> Sent: Tuesday, March 17, 2015 3:49:05 PM
> >>>> Subject: [keycloak-dev] Social login with user registration disabled
> >>>>
> >>>> I have a requirement in a SaaS application to disable user
> registration,
> >>>> so
> >>>> only administrators can register new users.
> >>>>
> >>>> Users should be able to login with social providers such as Google+
> and
> >>>> Facebook. To allow this, each user could link in his profile.
> >>>>
> >>>> However, when I enable social login, new users are registred
> automatically
> >>>> to
> >>>> the realm. I don't think that right, since User Registration is
> disabled.
> >>>>
> >>>> :/
> >>>>
> >>>> _______________________________________________
> >>>> keycloak-dev mailing list
> >>>> keycloak-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>
> >> --
> >> Bill Burke
> >> JBoss, a division of Red Hat
> >> http://bill.burkecentral.com
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150317/c9d941ba/attachment.html
More information about the keycloak-dev
mailing list