Keycloak - how to allow linking accounts without registration
I am managing a Keycloak realm with only a single, fully-trusted external IdP added that is intended to be the default authentication mechanism for users.
I do not want to allow user to register, i.e. I want to manually create a local Keycloak user, and that user should then be allowed to link his external IdP account to the pre-existing Keycloak account, having the email address as common identifier. Users with access to the external IdP but without an existing Keycloak account should not be allowed to connect.
I tried the following First Broker Login settings, but whenever a user tries to login, he gets an error message (code: invalid_user_credentials).
Do you have any idea what my mistake might be?
Looks like they integrated this feature in version 4.5.0.
See automatic account link docs.
Basically you need to create a new flow and add 2 alternative executions:
Create User If Unique
Automatically Link Brokered Account
- Keycloak - how to allow linking accounts without registration
- What is the correct way to obtain an instance of the authenticated user if I'm using a JWT
- Spring 3/6 Migration Security Config with Custom Filter/Token/Provider - Issues Persisting Principal after successful Provider authenticate()
- JWT, is it safe to use the same key pair to sign from server-side and encrypt from client-side?
- Unable to load files using pickle and multiple modules
- Login with token authentication SWIFT
- not able to authenticate a com.trilead.ssh2.Connection
- OpenCart text at login page doesnt get changed if I change lines in language files
- How to create an authentication token using Java
- Can anyone show me how to make a proper login system for my django application?
- GCP authentication fails in GitHub actions - IaC with Terraform
- Tumblr reblog (TMTumblrSDK) return 401 error
- How to use Freebase API in a PhoneGap Build app?
- Logon trigger with both authorization and log insert
- Best practice of Hashing passwords
- Device generates special code for web authentication
- Authenticating an application server with a backend server
- Authentication failure when access storage blob from Azure Service
- How do I implement social login with GitHub accounts?
- Issue with login widget in streamlit
- Why Base64 is used in JWTs?
- Proxy authentication for Azure CLI
- Google OAuth 2 authorization - Error: redirect_uri_mismatch
- Django returns "Authentication credentials were not provided" when I attempt token authentication
- How to connect to MongoDB 3.2 in Java with username and password?
- Supabase onAuthStateChange keeps triggering (remix)
- Blazor (Interactive server) cookie authentication: user identity is lost after LocalRedirect from Razor page
- How to force logout when Knox created token has expired?
- Custom RemoteAuthenticationHandler won't sign in
- Using meta to redirect in php, but file is in another folder