[keycloak-dev] broker import should be local only?

Bill Burke bburke at redhat.com
Wed Dec 14 11:47:08 EST 2016


There is a difference here...linking vs. import.  Linking is linking a 
brokered user to an existing account.  Import is when the user doesn't 
exist.  I guess nobody has had a problem with this so my concern doesn't 
matter.


On 12/14/16 11:32 AM, Marek Posolda wrote:
> +1
>
> IMO it is perfectly valid to have same user linked to both LDAP (or 
> other userStorage) and identity providers. I think that for 
> https://issues.jboss.org/browse/KEYCLOAK-2943 we should just have a 
> way to bypass calling IdentityProviderMapper.updateBrokeredUser to 
> avoid updating read-only user. I think that all those JIRAS are very 
> similar and should be addressed together:
> https://issues.jboss.org/browse/KEYCLOAK-2943
> https://issues.jboss.org/browse/KEYCLOAK-2950
> https://issues.jboss.org/browse/KEYCLOAK-3829
>
> Marek
>
>
> On 14/12/16 15:51, Stian Thorgersen wrote:
>> As the registration form and admin console results in creating new 
>> users in
>> a user storage provider if it supports registration I don't see why it
>> should be any different for brokered users. They are used "automatically
>> registered" on first login.
>>
>> On 14 December 2016 at 15:28, Bill Burke <bburke at redhat.com> wrote:
>>
>>> I'm looking at the broker flow code and it seems that we import users
>>> into whatever storage provider supports adding users. Should this 
>>> import
>>> be local only and bypass any User Storage Providers?  This breaks
>>> backwards compatbility, but I'm not sure the old approach was the
>>> correct one.
>>>
>>> Thoughts?
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>



More information about the keycloak-dev mailing list