[keycloak-user] Skip Broker First-Time Flow?

Phillip Fleischer pcfleischer at outlook.com
Thu Aug 24 04:38:19 EDT 2017


Not sure of your appetite for customization but you can create a copy of the first login flow and remove or replace the execution steps you don't want.

As far as how you'll create or link the account if none of the existing executions work, worst case you'd have to write your own.

________________________________
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Peter K. Boucher <pkboucher801 at gmail.com>
Sent: Wednesday, August 23, 2017 2:51:48 PM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Skip Broker First-Time Flow?

We have a need to pre-provision user accounts that are to be accessed with
SAML from an outside IdP.  These accounts are only ever to be used via SAML
from this external IdP (i.e., we never want them to have to use a password
to verify anything to Keycloak).



Is there any way for the account-linking the first time the user comes in
with SAML to happen automatically and silently?



We understand that in some circumstances it would be a security hole to
allow someone to connect via a brokered IdP to an existing account that has
already been used, but these accounts are being created specifically to be
accessed by this particular broker.



Any help?



Thanks!



Regards,

Peter K. Boucher

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

