How can you setup Identity Brokering without local accounts?

dane pane

Jan 28, 2022, 5:15:41 PM
to Keycloak User
I posted on keycloak's github page, but thought to reach out here as well: https://github.com/keycloak/keycloak/discussions/9881

Currently when I broker to an external idp I need to either link to an existing local keycloak account, or create a new account.

I'm trying to bypass this entirely if possible, so the user doesn't have to either register or link to a local account.

Trying now, but if anyone has done this I'd appreciate any feedback.

Daniel Meyerholt

Feb 4, 2022, 7:55:36 AM
to Keycloak User
Hi,
Linking completely without local accounts is not possible afaik. However, the approach linked by you should work, but be aware of possible security issues. See also here: https://www.keycloak.org/docs/latest/server_admin/index.html#automatically-link-existing-first-login-flow
Additionally, you should set the Identity Provider Redirector in the auth flow to required and set up a default IDP (https://www.keycloak.org/docs/latest/server_admin/index.html#_client_suggested_idp). It is also advisable to check the current registration flow and/or realm settings regarding (local) user registration.

Best
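The configuration described in the reply above, written out as a partial Keycloak realm-import fragment. This is an added example, not configuration from the thread, the linked discussion or the Keycloak project; the aliases `corp-oidc`, `default-idp`, `browser with default idp` and `auto link first broker login` are assumed names, and the IdP endpoints and client credentials are placeholders. The key names follow Keycloak's realm export format: the browser flow carries the `identity-provider-redirector` as REQUIRED with `defaultProvider` pointing at the brokered IdP, the first-broker-login flow uses `idp-create-user-if-unique` and `idp-auto-link` so no link or registration form is shown, and self-registration is disabled in the realm.

```json
{
  "realm": "example",
  "registrationAllowed": false,
  "browserFlow": "browser with default idp",
  "identityProviders": [
    {
      "alias": "corp-oidc",
      "providerId": "oidc",
      "enabled": true,
      "trustEmail": true,
      "firstBrokerLoginFlowAlias": "auto link first broker login",
      "config": {
        "clientId": "REPLACE_ME",
        "clientSecret": "REPLACE_ME",
        "authorizationUrl": "https://idp.example/authorize",
        "tokenUrl": "https://idp.example/token",
        "defaultScope": "openid email profile"
      }
    }
  ],
  "authenticatorConfig": [
    {
      "alias": "default-idp",
      "config": {
        "defaultProvider": "corp-oidc"
      }
    }
  ],
  "authenticationFlows": [
    {
      "alias": "browser with default idp",
      "description": "Send every browser login straight to the brokered IdP",
      "providerId": "basic-flow",
      "topLevel": true,
      "builtIn": false,
      "authenticationExecutions": [
        {
          "authenticator": "auth-cookie",
          "requirement": "ALTERNATIVE",
          "priority": 10,
          "userSetupAllowed": false
        },
        {
          "authenticator": "identity-provider-redirector",
          "authenticatorConfig": "default-idp",
          "requirement": "REQUIRED",
          "priority": 20,
          "userSetupAllowed": false
        }
      ]
    },
    {
      "alias": "auto link first broker login",
      "description": "Create the shadow user, or silently attach to an existing user with the same e-mail",
      "providerId": "basic-flow",
      "topLevel": true,
      "builtIn": false,
      "authenticationExecutions": [
        {
          "authenticator": "idp-create-user-if-unique",
          "requirement": "ALTERNATIVE",
          "priority": 10,
          "userSetupAllowed": false
        },
        {
          "authenticator": "idp-auto-link",
          "requirement": "ALTERNATIVE",
          "priority": 20,
          "userSetupAllowed": false
        }
      ]
    }
  ]
}
```

The security issue the reply alludes to sits in the second flow: `idp-auto-link` attaches the brokered identity to whichever existing local user has the same e-mail, on the strength of the IdP's claim alone, so it should only be combined with `trustEmail` for an IdP whose e-mail assertions you control or have verified. Where that trust is not warranted, keep Keycloak's default first-broker-login flow (with its e-mail verification and confirm-link steps) instead of the auto-link variant, and watch the admin events for `IDENTITY_PROVIDER_FIRST_LOGIN` and linked-account changes when rolling this out.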