[keycloak-dev] broker import should be local only?
Stian Thorgersen
sthorger at redhat.com
Thu Dec 15 04:38:04 EST 2016
Someone might want to have all their users in the LDAP server. Including
social registered, self registered and registered by admin in KC admin
console.
Do we have a way to control where new users are created?
On 14 December 2016 at 17:47, Bill Burke <bburke at redhat.com> wrote:
> There is a difference here...linking vs. import. Linking is linking a
> brokered user to an existing account. Import is when the user doesn't
> exist. I guess nobody has had a problem with this so my concern doesn't
> matter.
>
>
>
> On 12/14/16 11:32 AM, Marek Posolda wrote:
>
>> +1
>>
>> IMO it is perfectly valid to have same user linked to both LDAP (or other
>> userStorage) and identity providers. I think that for
>> https://issues.jboss.org/browse/KEYCLOAK-2943 we should just have a way
>> to bypass calling IdentityProviderMapper.updateBrokeredUser to avoid
>> updating read-only user. I think that all those JIRAS are very similar and
>> should be addressed together:
>> https://issues.jboss.org/browse/KEYCLOAK-2943
>> https://issues.jboss.org/browse/KEYCLOAK-2950
>> https://issues.jboss.org/browse/KEYCLOAK-3829
>>
>> Marek
>>
>>
>> On 14/12/16 15:51, Stian Thorgersen wrote:
>>
>>> As the registration form and admin console results in creating new users
>>> in
>>> a user storage provider if it supports registration I don't see why it
>>> should be any different for brokered users. They are used "automatically
>>> registered" on first login.
>>>
>>> On 14 December 2016 at 15:28, Bill Burke <bburke at redhat.com> wrote:
>>>
>>> I'm looking at the broker flow code and it seems that we import users
>>>> into whatever storage provider supports adding users. Should this import
>>>> be local only and bypass any User Storage Providers? This breaks
>>>> backwards compatbility, but I'm not sure the old approach was the
>>>> correct one.
>>>>
>>>> Thoughts?
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>>
>
More information about the keycloak-dev
mailing list