[keycloak-dev] broker import should be local only?
Marek Posolda
mposolda at redhat.com
Wed Dec 14 11:32:40 EST 2016
+1
IMO it is perfectly valid to have same user linked to both LDAP (or
other userStorage) and identity providers. I think that for
https://issues.jboss.org/browse/KEYCLOAK-2943 we should just have a way
to bypass calling IdentityProviderMapper.updateBrokeredUser to avoid
updating read-only user. I think that all those JIRAS are very similar
and should be addressed together:
https://issues.jboss.org/browse/KEYCLOAK-2943
https://issues.jboss.org/browse/KEYCLOAK-2950
https://issues.jboss.org/browse/KEYCLOAK-3829
Marek
On 14/12/16 15:51, Stian Thorgersen wrote:
> As the registration form and admin console results in creating new users in
> a user storage provider if it supports registration I don't see why it
> should be any different for brokered users. They are used "automatically
> registered" on first login.
>
> On 14 December 2016 at 15:28, Bill Burke <bburke at redhat.com> wrote:
>
>> I'm looking at the broker flow code and it seems that we import users
>> into whatever storage provider supports adding users. Should this import
>> be local only and bypass any User Storage Providers? This breaks
>> backwards compatbility, but I'm not sure the old approach was the
>> correct one.
>>
>> Thoughts?
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list