I’m trying to automatically link an existing user to an incoming federated identity over SAML. The issue I’m running into was mentioned here on the mailing list - https://lists.jboss.org/pipermail/keycloak-user/2017-January/009089.html
With the combination of the Template Importer Mapper and the ‘Automatically Link Account’ first login flow it still is not succeeding in automatically linking unless you also pre-configure the user with the identity provider’s ID and username. This would defeat the purpose of the ‘automatic’ linking aspect of this process that we’re trying to obtain.
Is there a way to configure this outside of writing a custom java authentication extension?