[keycloak-user] Configuring Keycloak to not allow login using the built in login when a user is configured using an external IDP

Reed Lewis RLewis at carbonite.com
Fri Jan 6 09:23:12 EST 2017


We have decided to use Keycloak for our identity services. The current flow will be as follows:


1. We will have an external system that creates users. Users will not be created by Keycloak, but instead will be created by an external service which calls the Admin API to add users.

2. We would like some sort of notification sent to the user by Keycloak (if it cannot be done that would be OK) that the user was added.

3. If we add the user, and configure an external IDP account for the user (we will be pulling user records using Microsoft’s Azure AD OAuth2 client), we want to make sure that when the user types their username, it will not allow them to even attempt to log in using Keycloak’s login, but instead forces them to go to the external IDP login screen.

We have two workflows for adding users. The first is to have the user added independent of any sort of external IDP. This is the case where we need some sort of email that goes to the user with a password or link to validate their account. The second method is to have the customer’s admin log in to the external IDP (we will handle this), and we will pull down a list of all users in their directory and add them to Keycloak ourselves. We will assign a link to the IDP in Keycloak. We would also like a welcome message, but since the external IDP is managing the password, we do not need them to change their password.

Is this possible?
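The two provisioning workflows described in the post, written as an added example against the Keycloak Admin REST API (this is not code from the post or from the Keycloak project). Assumed: the server root in BASE_URL (older releases prefix the paths with /auth), the realm name, the alias given to the Azure AD identity provider, and a bearer token obtained from the master realm's admin-cli client. The idea shown is that an IdP-linked user is created with no password credential at all, so Keycloak's own login form has nothing to authenticate against and the user must use the linked provider.

```python
import json
import urllib.request

BASE_URL = "https://keycloak.example.com"   # assumed server root
REALM = "customers"                          # assumed target realm
IDP_ALIAS = "azure-ad"                       # assumed alias of the Azure AD IdP


def user_representation(username, email):
    # No "credentials" entry on purpose: without a password credential the
    # built-in username/password form cannot succeed for this user.
    return {"username": username, "email": email, "enabled": True,
            "emailVerified": False}


def federated_identity(external_user_id, external_username, idp_alias=IDP_ALIAS):
    # Body for POST .../users/{id}/federated-identity/{idp_alias}
    return {"identityProvider": idp_alias, "userId": external_user_id,
            "userName": external_username}


def required_actions(idp_linked):
    # Workflow 1 (local user): welcome mail asks for a password and verifies the
    # address. Workflow 2 (IdP user): the IdP owns the password, so only verify.
    return ["VERIFY_EMAIL"] if idp_linked else ["UPDATE_PASSWORD", "VERIFY_EMAIL"]


class AdminClient:
    def __init__(self, token, base_url=BASE_URL, realm=REALM):
        self.prefix = f"{base_url}/admin/realms/{realm}"
        self.headers = {"Authorization": f"Bearer {token}",
                        "Content-Type": "application/json"}

    def _call(self, method, path, body):
        req = urllib.request.Request(self.prefix + path, method=method,
                                     data=json.dumps(body).encode(), headers=self.headers)
        return urllib.request.urlopen(req)

    def create_user(self, rep):
        # 201 Created; the new user's id is the last segment of the Location header
        return self._call("POST", "/users", rep).headers["Location"].rsplit("/", 1)[1]

    def link_idp(self, user_id, fed):
        self._call("POST", f"/users/{user_id}/federated-identity/{fed['identityProvider']}", fed)

    def send_actions_email(self, user_id, actions):
        # Keycloak mails a link that performs the listed required actions
        self._call("PUT", f"/users/{user_id}/execute-actions-email", actions)


def provision(client, username, email, external=None):
    # external=(azure_object_id, azure_upn) selects workflow 2; None selects workflow 1
    user_id = client.create_user(user_representation(username, email))
    if external is not None:
        client.link_idp(user_id, federated_identity(*external))
    client.send_actions_email(user_id, required_actions(external is not None))
    return user_id
```

A practical check after running workflow 2: the user's Credentials tab in the admin console should be empty and the Identity Provider Links tab should show the Azure AD entry; if a password is later set on that user by hand, the local form becomes usable again.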
