First broker login flow without user registration in Keycloak


Naresh Reddy

Jan 3, 2020, 1:53:16 AM
to Keycloak User

As per the Keycloak documentation, when the user logs in through identity brokering, Keycloak checks and creates the user in the realm's local database as part of the First Broker Login Flow.

Is there a way to disable user onboarding in Keycloak local database and always check for the authentication from IDP instead of local database?

And what is the rationale behind this default Keycloak implementation as there are some basic issues like user data synchronisation between Keycloak and IDP?

Sanket D

Jan 3, 2020, 2:06:00 AM
to Keycloak User
Hi Naresh,

Can you be a bit more clear? In the First Broker Login flow, when a user logs in using an Identity Provider, he is already "authenticated" by the Identity Provider.

For subsequent logins, you can create a custom Authentication flow where you check for username as step 1 and depending on certain user attribute forward user to a pre-selected Identity Provider for actual authentication. To the best of my knowledge, you would need to provide your own implementation of Authenticator interface for this picking-and-choosing based on user attribute.

Best Regards,
Sanket.

Naresh Reddy

Jan 9, 2020, 7:57:32 AM
to Sanket D, Keycloak User
Thanks Sanket for your response and sorry for the delay. Actually, my question was that in the First login flow, after the authentication from the IDP, the user is getting created in Keycloak if it does not exist. I don't want Keycloak to create the user after authentication through the IDP. I think even with a custom authentication flow Keycloak will create the user if it does not exist. Please correct me.

Thanks,
Naresh
