[BUG] Restriction with an Identity Provider appears to be non-functional #114
Comments
|
Hello @mdurand54, thanks for reporting this. You will have to configure post login flow for every identity provider. This has also already been discussed in KEYCLOAK-19538 and seems to be by design. Best regards |
|
Oh okay. Thanks for the explanation. So, I'm trying to configure a post login flow. Would it make sense to keep only the cookie and the authenticator part post login flow. Something like:
|
|
You may not even need the cookie authenticator, because that is generally checked before the IdP redirect already. If a sso cookie is present in the request, you should not get redirected to the IdP. |
|
Effectively, the extension is sufficient in the post login flow. Thank you very much for your help! |
Is there an existing issue for this?
Current Behavior
I am configuring the access restriction. I have no problem restricting access using
Username Password Form. However, as soon as I use the configured identity provider, the restriction never applies.Expected Behavior
The same operation between the Username/password connection and the identifty provider connection.
Steps To Reproduce
Here is the connection flow I have:
Version
Anything else?
I searched through the existing issues, I did not find a clue to solve my problem. Sorry if this is the case.
I also wondered about "is this prodider supposed to work with an Identity Provider?". The only answer I could find in the README is here. And it just says, that this provider is better than the "Allow/Deny Access" feature which doesn't work with identity providers.
In any case, thank you for your work!
The text was updated successfully, but these errors were encountered: