-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] First broker login flow not linking account on restricted client #284
Comments
Hey, why did you add it the first broker login flow instead of the post broker login flow? If I remember correctly Keycloak will not link users when the first broker login flow does not return successfully. That is by design, I think. Can you give the post broker login flow a try, please? Best, |
Hey Sven-Torben, i am new to keycloak. As far as i see there is no post broker login flow. I just "copied" the existing first broker login flow, wrapped in in another subflow and added the plugin as a second step. |
You have to create a new flow and then bind it to your identity provider. Within your identity provider configuration there should be a dropdown box "Post login flow" where you can select the flow to bind it. |
Is there an existing issue for this?
Current Behavior
I created a auth flow containing everything from the default First Broker Login Flow and the restrict-client-auth step. When i now login with a user which exists already in keycloak but is not linked to the IdP, it gives me the keycloak linking process. Once i click the link in the mail to link my user to the existing one i immediately get the "access denied" message from the plugin.
Expected Behavior
Instead of showing the access denied message the user should first be linked to the provider and afterwards check if the user has the needed roles. It seems like skips this step.
Steps To Reproduce
No response
Version
Anything else?
Here is a screenshot from my flow. I zoomed out to have everything on one screenshot. If its to small i can provide more.
The text was updated successfully, but these errors were encountered: