libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Fixing topics.adoc and cross-references

Browse source
This commit is contained in:
Andy Munro 2021-04-19 09:44:20 -04:00 committed by Marek Posolda
parent a0b31dced3
commit 2cb26dd703
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
server_admin/topics/authentication/conditions.adoc
View file

@ -26,7 +26,7 @@ The Execution requirements section includes an example of the OTP form.
`Condition - User Attribute`:: `Condition - User Attribute`::
This checks if the user has set up the required attribute. This checks if the user has set up the required attribute.
There is a possibility to negate output, which means the user should not have the attribute. There is a possibility to negate output, which means the user should not have the attribute.
The <<_user-attributes,User Attributes>> section shows how to add a custom attribute. The xref:proc-configuring-user-attributes_{context}[User Attributes] section shows how to add a custom attribute.
You can provide these fields: You can provide these fields:
Alias::: Alias:::

2
server_admin/topics/identity-broker/first-login-flow.adoc
View file

@ -37,7 +37,6 @@ Create User If Unique::
* If an account exists, the authenticator implements the next `Handle Existing Account` sub-flow. * If an account exists, the authenticator implements the next `Handle Existing Account` sub-flow.
* To ensure there is no duplicated account, you can mark this authenticator as `REQUIRED`. The user sees the error page if a {project_name} account exists, and users must link their identity provider account through Account management. * To ensure there is no duplicated account, you can mark this authenticator as `REQUIRED`. The user sees the error page if a {project_name} account exists, and users must link their identity provider account through Account management.
NOTE: If you want to skip the ability to create new users, but you want that users authenticated from identity provider must already exists in {project_name} with same username or email like the user from identity provider, you can create new flow and replace `Create User If Exists` authenticator with `Detect Existing Broker User` . More details in the <<Detect Existing User First Login Flow,examples below>>.
Confirm Link Existing Account:: Confirm Link Existing Account::
* On the information page, users see a {project_name} account with the same email. Users can review their profile again and use a different email or username. The flow restarts and goes back to the `Review Profile` authenticator. * On the information page, users see a {project_name} account with the same email. Users can review their profile again and use a different email or username. The flow restarts and goes back to the `Review Profile` authenticator.
@ -92,6 +91,7 @@ To disable user creation:
This configuration also implies that Keycloak itself won't be able to determine which internal account would correspond to the external identity. This configuration also implies that Keycloak itself won't be able to determine which internal account would correspond to the external identity.
Therefore, the `Verify Existing Account By Re-authentication` authenticator will ask the user to provide both username and password. Therefore, the `Verify Existing Account By Re-authentication` authenticator will ask the user to provide both username and password.
[[_detect_existing_user_first_loging_flow]]
==== Detect Existing User First Login Flow ==== Detect Existing User First Login Flow
In order to configure a first login flow in which: In order to configure a first login flow in which: