Hi all,
we have a setup where users are authenticated via an external identity provider
(SAML and OpenID Connect) and automatically create users on first login in an
external system via a custom user federation.
Now we have the requirement to limit the users for whom a user account is
created based on the assertions/claims provided by the IdP. On first broker
login a user account should only be created if, e.g., the token provided by the
external IdP contains a certain combination of claims. Otherwise a message
should be shown that the user is not allowed to access the application.
Is there any way to achieve this without writing a custom authenticator? Thank
you in advance.
Best,
Matthias
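As an added example (not code from Matthias's post and not any identity broker's own API), the claim-combination gate described above written as a stand-alone Python decision function. It operates on an already-verified claim map, normalises scalar OIDC claims and multi-valued SAML attributes to the same shape, and denies by default. The rule format, the claim names (`email_verified`, `groups`, `tenant`, `roles`) and the sample assertions are constructed assumptions for illustration.

```python
"""Claim-combination gate for first-login account creation (added illustration).

Assumptions (hypothetical, not tied to a specific broker product):
- the IdP token/assertion has already been signature-checked and is passed in
  as a dict of claim name -> value (SAML attribute values arrive as lists,
  OIDC claims as scalars or lists)
- a rule is a list of alternatives (OR between them); each alternative is a
  dict of claim -> required value(s) that must ALL hold (AND within it)
"""
from typing import Any

# Constructed sample rule: allow verified members of the "app-users" group, or
# anyone from the "partner" tenant holding the "contractor" role.
ACCESS_RULE = [
    {"email_verified": True, "groups": "app-users"},
    {"tenant": "partner", "roles": "contractor"},
]


def _as_set(value: Any) -> set:
    """Normalise a claim value so scalar (OIDC) and list-valued (SAML) claims compare alike."""
    if value is None:
        return set()
    if isinstance(value, (list, tuple, set, frozenset)):
        return set(value)
    return {value}


def _alternative_matches(claims: dict, required: dict) -> bool:
    """Every required claim must be present and every required value must be among its values."""
    for name, wanted in required.items():
        have = _as_set(claims.get(name))
        need = _as_set(wanted)
        if not need or not need.issubset(have):
            return False
    return True


def may_create_account(claims: dict, rule=ACCESS_RULE) -> tuple[bool, str]:
    """Return (allowed, reason). Missing claims or an empty rule never allow creation."""
    if not claims:
        return False, "no claims supplied by the identity provider"
    for alternative in rule:
        if _alternative_matches(claims, alternative):
            return True, "matched required claims: " + ", ".join(sorted(alternative))
    # This is the branch whose message would be shown to the rejected user.
    return False, "user is not allowed to access the application"


# Constructed sample inputs (not real tokens): an OIDC ID-token payload, a SAML
# attribute map, and a payload that lacks the required combination.
OIDC_CLAIMS = {"sub": "abc", "email_verified": True, "groups": ["app-users", "eng"]}
SAML_CLAIMS = {"tenant": ["partner"], "roles": ["contractor", "reader"]}
DENIED_CLAIMS = {"sub": "xyz", "email_verified": True, "groups": ["eng"]}

if __name__ == "__main__":
    for label, claims in (("oidc", OIDC_CLAIMS), ("saml", SAML_CLAIMS), ("denied", DENIED_CLAIMS)):
        print(label, may_create_account(claims))
```

The function is deliberately product-neutral: it is the decision you would plug into whatever post-authentication hook the broker offers, and its deny branch returns the message the post wants shown. Note that a boolean claim only matches when the IdP emits it as a real boolean; if a SAML IdP sends `"true"` as a string, the rule must be written with the string form.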