[keycloak-user] SAML IdP automatically link account

Glenn Campbell campbellg at teds.com
Thu Aug 25 09:12:31 EDT 2016


I still haven't gotten anywhere with this. Here's what I've tried so far:

1) modifying First Broker Login flow as follows -
Review Profile - disabled
Create User If Unique - alternative
Handle Existing Account - alternative
Everything under Handle Existing Account that can be disabled, I have
disabled.

Result: I authenticate with the remote SAML server but my local Keycloak
server displays an error screen saying "Invalid username or password".


2) created a custom authentication flow containing the following -
Create User If Unique - alternative
A custom authenticator class with an authenticate method that just calls
the success method of the AuthenticationFlowContext.

Result: I authenticate with the remote SAML server but my local Keycloak
server displays an error screen saying "Invalid username or password".


As always, any suggestions would be greatly appreciated.

On Tue, Aug 23, 2016 at 9:49 AM, Glenn Campbell <campbellg at teds.com> wrote:

> I have a SAML IdP that is used only for authentication and a separate
> database that contains information about the users, including roles. I've
> set up the database in User Federation and the SAML IdP in Identity
> Providers.
>
> The problem I have is that when users log in they are prompted to link to
> an existing account. This is confusing for them because from their
> perspective the only account they know about is the one on the SAML IdP.
>
> Is it possible to configure this Identity Provider to be "trusted" so that
> the accounts are linked automatically? I started looking into creating a
> custom authenticator based on the documentation and the custom
> authenticator in the example code but I don't see what the necessary steps
> are to cause the automatic account linking.
>
> Any suggestions would be greatly appreciated.
>