[keycloak-user] Identity Provider for Provisioned Accounts

Thomas Richner thomas.richner at oviva.com
Wed Mar 27 10:29:25 EDT 2019


Hi all,

I'm trying to add an identity provider that can only be used to log in
for existing accounts.
It should cover the following use case:

1. there is an existing Keycloak account with the email `alice@example.com`
2. Alice also has a Google account with the email `alice@example.com`
3. Alice wants to log in at Keycloak and clicks 'login with google'
4. She successfully completes the Google OAuth flow
5. now Alice should have a valid session for the `alice@example.com`
account in Keycloak

There does not need to be any further confirmation/updating of user
information, and if `alice@example.com` does not exist in Keycloak the
login should just fail. I struggle especially with the last part since
the `Create User If Unique` in the first broker flow cannot be
disabled.

I also came across the following issue
https://issues.jboss.org/browse/KEYCLOAK-4240 which seems to ask for
more or less what I need, but it seems to have been dead for quite some
time :/

Did anybody successfully solve that issue? Is there some 'first login
flow' that can handle this use case?

Cheers and Thanks,
Thomas
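
One way to get the behaviour described above (link a brokered login to an existing Keycloak account by e-mail, fail otherwise), as an added example that is not part of the original message or of Keycloak itself: copy the built-in `first broker login` flow, delete the `Create User If Unique` and `Handle Existing Account` executions from the copy, add the authenticator below as the copy's only REQUIRED execution, and select the copy as the Google identity provider's first login flow. The class names and the provider id `idp-link-existing-user-only` are hypothetical; the code assumes the Keycloak 4.x/5.x-era authenticator SPI current at the time of this post (`getUserByEmail(email, realm)`; later releases take the arguments as `(realm, email)`).

```java
// Added example, not Keycloak project code. Assumes the Keycloak 4.x/5.x-era
// authenticator SPI; class names and the provider id are hypothetical.
package com.example.keycloak.broker;

import java.util.Collections;
import java.util.List;

import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.events.Errors;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

/**
 * First-broker-login step that only ever maps the brokered identity onto an
 * EXISTING, enabled Keycloak user with the same e-mail. It never creates a
 * user and never prompts; if no such user exists the whole flow fails.
 */
public class IdpLinkExistingUserOnlyAuthenticator extends AbstractIdpAuthenticator {

    @Override
    protected void authenticateImpl(AuthenticationFlowContext context,
                                    SerializedBrokeredIdentityContext serializedCtx,
                                    BrokeredIdentityContext brokerContext) {
        KeycloakSession session = context.getSession();
        RealmModel realm = context.getRealm();

        // Refuse to match on a missing e-mail: an empty key must never "match".
        String email = brokerContext.getEmail();
        if (email == null || email.trim().isEmpty()) {
            context.getEvent().error(Errors.INVALID_EMAIL);
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }

        // Keycloak stores e-mails lower-cased, so normalise before the lookup.
        UserModel existing = session.users().getUserByEmail(email.trim().toLowerCase(), realm);
        if (existing == null || !existing.isEnabled()) {
            // Use case step 5 / "login should just fail": no provisioned account.
            context.getEvent().error(Errors.USER_NOT_FOUND);
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }

        // Same pattern as Keycloak's own IdpAutoLinkAuthenticator: set the user
        // and succeed. The broker service stores the federated-identity link for
        // this user when the first-login flow completes, so the next Google login
        // resolves directly by the link and skips this flow.
        context.setUser(existing);
        context.success();
    }

    @Override
    protected void actionImpl(AuthenticationFlowContext context,
                              SerializedBrokeredIdentityContext serializedCtx,
                              BrokeredIdentityContext brokerContext) {
        // No form is rendered, so there is nothing to process on POST.
    }

    @Override
    public boolean requiresUser() { return false; }

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }

    /** Registered via META-INF/services/org.keycloak.authentication.AuthenticatorFactory. */
    public static class Factory implements AuthenticatorFactory {
        public static final String PROVIDER_ID = "idp-link-existing-user-only"; // hypothetical id
        private static final Authenticator SINGLETON = new IdpLinkExistingUserOnlyAuthenticator();
        private static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
                AuthenticationExecutionModel.Requirement.REQUIRED };

        @Override public String getId() { return PROVIDER_ID; }
        @Override public Authenticator create(KeycloakSession session) { return SINGLETON; }
        @Override public String getDisplayType() { return "Link To Existing User Only"; }
        @Override public String getReferenceCategory() { return "linkExistingUserOnly"; }
        @Override public String getHelpText() {
            return "Links the brokered identity to an existing user with the same e-mail; fails otherwise.";
        }
        @Override public boolean isConfigurable() { return false; }
        @Override public boolean isUserSetupAllowed() { return false; }
        @Override public AuthenticationExecutionModel.Requirement[] getRequirementChoices() { return REQUIREMENT_CHOICES; }
        @Override public List<ProviderConfigProperty> getConfigProperties() { return Collections.emptyList(); }
        @Override public void init(Config.Scope config) { }
        @Override public void postInit(KeycloakSessionFactory factory) { }
        @Override public void close() { }
    }
}
```

Package this as a provider jar with a `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` file naming `com.example.keycloak.broker.IdpLinkExistingUserOnlyAuthenticator$Factory`, then the authenticator appears in the flow editor. The security caveat is the matching key: this links accounts purely on the e-mail the identity provider asserts, so only enable it for providers that verify e-mail ownership (Google does) and keep the provider's "Trust Email" setting consistent with that; an identity provider that lets its users set an arbitrary, unverified e-mail would otherwise let them take over any provisioned Keycloak account.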

