[keycloak-dev] Optional account association with Federated Identity

Thomas Darimont thomas.darimont at googlemail.com
Mon Aug 29 10:56:35 EDT 2016


I'm not sure yet.

On one hand I could imagine an "exclusive" setting on IdentityProvider
level which means that a user provided by this Identity Provider cannot add
another linked Identity.
Problem is that this only works for users which come through this IdP.
Users that are only registered in Keycloak directly currently cannot have
such a setting since the current Keycloak IdP instance itself is not
represented as an IdP...

I wonder whether it would make sense to add Keycloak as a "fixed" IdP to
the IdP list in order to be able to adjust such things...

Cheers,
Thomas


2016-08-29 16:00 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:

> Sounds sane - would it be an option per-realm or per-identity provider?
>
> On 28 August 2016 at 13:06, Thomas Darimont <thomas.darimont at googlemail.com> wrote:
>
>> Hello group,
>>
>> Currently, when an external Identity Provider like Google is configured
>> for a realm,
>> a user registered in the realm directly and NOT with Google also sees
>> a federated identity section on his account page in the default Keycloak
>> template.
>>
>> There, a user can associate his account with a Google account
>> (Federated Identities -> google -> add).
>> Is it possible to not show the link without changing the template?
>>
>> I think it should be configurable whether or not existing users have the
>> option to link their
>> accounts with an external Identity Provider like Google.
>>
>> Cheers,
>> Thomas
>>