[keycloak-user] SAML IDP seamless SSO

Dmitry Telegin dt at acutus.pro
Wed Aug 1 19:55:04 EDT 2018


Hi Martin,

What version of Keycloak is it? Tested with both 3.4.0 and 4.1.0, and I was able to set the whole "Verify Existing Account By Re-authentication" to DISABLED.

Either way, you should be able to make a copy of the flow, remove "Verify Existing Account By Re-authentication" completely, and override First Broker Login flow in your IdP settings in Keycloak.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-08-01 at 14:50 +0100, Devlin, Martin wrote:
> Hi,
> 
> I am setting up a SAML IDP. The user will already exist in Keycloak, I want
> that user linked to the IDP.
> 
> What I want is for the user to be linked invisibly, without having to do
> anything.
> 
> I have disabled the following in the First Broker Login flow:
> 
> ```
> first broker login/idp-review-profile set to DISABLED
> first broker login/idp-confirm-link set to DISABLED
> first broker login/idp-email-verification set to DISABLED
> ```
> 
> This gets rid of the dialogs to confirm profile and email verification.
> 
> But there's another setting that I can't disable: "Username Password Form For Identity Provider Reauthentication"
> 
> So as it is the user has to authenticate against the IDP (which is what I
> want) but then also against Keycloak (which I don't want).
> 
> Thanks,
> 
> Martin
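Added example, not part of the original thread and not Keycloak's own code: a Python check that walks a First Broker Login flow's execution list and reports which account-ownership checks still run before a brokered identity is linked to an existing user. The sample flow is constructed; the field names (providerId, level, requirement, authenticationFlow) follow the Admin REST executions listing, and the provider ID idp-username-password-form, the "Handle Existing Account" sub-flow name and the helpers ex() and sample_flow() are assumptions that do not come from this thread.

```python
# Authenticators that make the user prove control of the existing account.
VERIFIERS = {
    "idp-confirm-link",
    "idp-email-verification",
    "idp-username-password-form",  # re-authentication form (assumed provider ID)
}

def effective_verifiers(executions):
    """Return providerIds of ownership checks that can still run.

    `executions` is the flat, ordered list for one flow; children of a
    sub-flow follow it with a higher `level`. A DISABLED sub-flow
    switches off everything nested beneath it.
    """
    active = []
    disabled_level = None  # level of the DISABLED sub-flow we are inside, if any
    for e in executions:
        if disabled_level is not None and e["level"] > disabled_level:
            continue  # nested under a disabled sub-flow
        disabled_level = None
        if e["requirement"] == "DISABLED":
            if e.get("authenticationFlow"):
                disabled_level = e["level"]
            continue
        if e.get("providerId") in VERIFIERS:
            active.append(e["providerId"])
    return active

def ex(name, level, requirement, flow=False):
    """Build one constructed execution entry (hypothetical helper)."""
    return {"providerId": None if flow else name, "displayName": name,
            "level": level, "requirement": requirement, "authenticationFlow": flow}

def sample_flow(reauth_requirement):
    """Constructed flow: the three DISABLED steps from the question, plus the
    re-authentication sub-flow set to `reauth_requirement`."""
    return [
        ex("idp-review-profile", 0, "DISABLED"),
        ex("idp-create-user-if-unique", 0, "ALTERNATIVE"),
        ex("Handle Existing Account", 0, "ALTERNATIVE", flow=True),
        ex("idp-confirm-link", 1, "DISABLED"),
        ex("idp-email-verification", 1, "DISABLED"),
        ex("Verify Existing Account By Re-authentication", 1, reauth_requirement, flow=True),
        ex("idp-username-password-form", 2, "REQUIRED"),
        ex("auth-otp-form", 2, "OPTIONAL"),
    ]

if __name__ == "__main__":
    for req in ("ALTERNATIVE", "DISABLED"):
        left = effective_verifiers(sample_flow(req))
        print(req, "->", left or "none: account is linked on the IdP's assertion alone")
```

An empty result means the existing account is linked purely on what the IdP asserts, which is the seamless behaviour asked for and only fits an IdP whose identifiers are trusted to match Keycloak's users.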