[keycloak-user] Problem with account linking?!

Marco de Luca marco.deluca at carity.se
Tue Mar 13 05:55:44 EDT 2018


Scenario:
We are using Keycloak OIDC to create id-token/UserInfo for our applications. IdP is provided by an external trusted SAML IdP. We want Keycloak to provide SSO between all applications (clients) using the Keycloak server (3.4.3-Final).

User information from the external IdP is trusted and we don't want the users to link and/or verify the account.
 

Problem:
When a user accesses the application "A", which uses Keycloak to authenticate the user, everything is OK.
- Keycloak creates a user account using a specified attribute (unique id from SAML response)
When the user accesses the application a second time (close browser or logout), Keycloak requires the user to link the account.

"We're sorry ... User with username tst5565594230 already exists. Please login to account management to link the account."

We have disabled account "Confirm Link Existing Account" for relevant Authentication binding (browser flow, first broker login).

Any suggestions? 


-- 
Marco 


