[keycloak-dev] Social login with user registration disabled

Thu Mar 19 19:42:02 EDT 2015

JIRA ticket: https://issues.jboss.org/browse/KEYCLOAK-1119

On Tue, Mar 17, 2015 at 1:41 PM Leonardo Loch Zanivan <
leonardo.zanivan at gmail.com> wrote:

> Admin management isn't the case.
>
> The problem is that social providers automatically "import" new users.
>
> The social login buttons should be visible in login, but not add new users.
>
> It could be a configuration per provider.
>
> On Tue, Mar 17, 2015 at 12:15 PM Marek Posolda <mposolda at redhat.com>
> wrote:
>
>> On 17.3.2015 16:03, Stian Thorgersen wrote:
>> >
>> > ----- Original Message -----
>> >> From: "Bill Burke" <bburke at redhat.com>
>> >> To: keycloak-dev at lists.jboss.org
>> >> Sent: Tuesday, March 17, 2015 3:56:23 PM
>> >> Subject: Re: [keycloak-dev] Social login with user registration
>> disabled
>> >>
>> >> Ho could we actually implement that.  We're dependent on a UserModel
>> >> existing after the social login.
>> > If auto-provision was disabled we'd only allow users to login with a
>> identity provider after they have linked the account with a provider. We
>> can (and should) also make it possible for admins to add links (an admin
>> would just need to know the provider-id and the external user-id to do
>> that). Users that try to login without having an account already would just
>> get an error.
>> We have already admin REST endpoints to add/get/remove links. However in
>> admin console UI, it's read-only at this moment (admin can see links,
>> but can't add/remove them in UI).
>>
>> Marek
>> >
>> >> On 3/17/2015 10:54 AM, Stian Thorgersen wrote:
>> >>> It's not directly linked to user registration. When a user logs in the
>> >>> first time with an external idp the user is automatically
>> provisioned. We
>> >>> can add an option on each identity provider to enable/disable
>> >>> automatically provisioning of users. Please create a jira to request
>> that.
>> >>>
>> >>> ----- Original Message -----
>> >>>> From: "Leonardo Loch Zanivan" <leonardo.zanivan at gmail.com>
>> >>>> To: keycloak-dev at lists.jboss.org
>> >>>> Sent: Tuesday, March 17, 2015 3:49:05 PM
>> >>>> Subject: [keycloak-dev] Social login with user registration disabled
>> >>>>
>> >>>> I have a requirement in a SaaS application to disable user
>> registration,
>> >>>> so
>> >>>> only administrators can register new users.
>> >>>>
>> >>>> Users should be able to login with social providers such as Google+
>> and
>> >>>> Facebook. To allow this, each user could link in his profile.
>> >>>>
>> >>>> However, when I enable social login, new users are registred
>> automatically
>> >>>> to
>> >>>> the realm. I don't think that right, since User Registration is
>> disabled.
>> >>>>
>> >>>> :/
>> >>>>
>> >>>> _______________________________________________
>> >>>> keycloak-dev mailing list
>> >>>> keycloak-dev at lists.jboss.org
>> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >>> _______________________________________________
>> >>> keycloak-dev mailing list
>> >>> keycloak-dev at lists.jboss.org
>> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >>>
>> >> --
>> >> Bill Burke
>> >> JBoss, a division of Red Hat
>> >> http://bill.burkecentral.com
>> >> _______________________________________________
>> >> keycloak-dev mailing list
>> >> keycloak-dev at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>> >>
>> > _______________________________________________
>> > keycloak-dev mailing list
>> > keycloak-dev at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150319/a1451906/attachment-0001.html 