Redirect to default IDP if user is not linked #370
-
|
Is it possible to always redirect to one default IdP if the entered username/email is not linked? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Please check if this works for you --> #34 (comment) |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your quick reply! Unfortunately, this is not working on my side. I have federated and non-federated users in my Keycloak. Whenever I type in a completely unknown username to Keylcoak it will just show the passwort field, instead of redirecting to a default IDP (on the IDP the user is already there). However, if I configure a default identity provider in the I'm using Keycloak v19 and IDP-Discovery v.19.1.0. |
Beta Was this translation helpful? Give feedback.
-
|
Ok, I see. You want to redirect non-existend users to an identity provider while existing local users should be able to enter their password, right? That is currently not supported. If this were supported by the extension, it would make it easy for attackers to discover registered emails present on keycloak, because the attacker would see different behaviour for non-existent and existent accounts. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your clarification Sven. |
Beta Was this translation helpful? Give feedback.
Ok, I see. You want to redirect non-existend users to an identity provider while existing local users should be able to enter their password, right?
That is currently not supported.
If this were supported by the extension, it would make it easy for attackers to discover registered emails present on keycloak, because the attacker would see different behaviour for non-existent and existent accounts.