SAML Identity Broker - First Login/Browser Flow - Password


lason
Hi guys,

I am currently trying to implement the following SAML broker flow with KC 3.0.1.Final:

Assumption: User not known

User goes to App
User is redirected to KC
User is redirected to SAML IDP and is authenticated there with smartcard
User is redirected back to App
In KC user was created and the assertion attributes were mapped

Now user logs out
User goes to App
User is redirected to KC
User is redirected to SAML IDP and is authenticated there with smartcard
But now KC says invalid username or password

How can it be done that, on the second IDP brokering, the user is redirected to the app without any password check, by using the already existing KC user info on username match (maybe updating the mapping beforehand in case SAML attributes changed)?

thanks
regards
lason
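As an added illustration (not part of the post and not Keycloak's own code), a small Python model of the brokering order Keycloak documents: the stored federated-identity link (IdP alias plus NameID) is checked before the first-broker-login flow runs, and an existing username that has no matching link falls into the "Handle Existing Account" step, which is where an interactive ownership check (e-mail verification or re-authentication with the KC password) is asked. The Realm and User structures and the attribute-update behaviour on a linked login are constructed assumptions for the example.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    attributes: dict = field(default_factory=dict)


@dataclass
class Realm:
    # Constructed stand-ins for the realm's user store and federated-identity links.
    users: dict = field(default_factory=dict)            # username -> User
    federated_links: dict = field(default_factory=dict)  # (idp_alias, name_id) -> username


def broker_login(realm, idp_alias, name_id, assertion_attrs):
    """Return (outcome, user) for one brokered SAML login.

    Order modelled on Keycloak brokering: a federated-identity link is looked up
    first; only on a miss does the first-broker-login flow run.
    """
    linked_username = realm.federated_links.get((idp_alias, name_id))
    if linked_username is not None:
        # Known link: no password check; refresh mapped attributes (assumed behaviour).
        user = realm.users[linked_username]
        user.attributes.update(assertion_attrs)
        return "linked-login", user

    # First-broker-login flow: "Create User If Unique".
    username = assertion_attrs["username"]
    if username not in realm.users:
        user = User(username, dict(assertion_attrs))
        realm.users[username] = user
        realm.federated_links[(idp_alias, name_id)] = username
        return "created-and-linked", user

    # Username exists but no link matches this (alias, NameID): the default flow's
    # "Handle Existing Account" step now asks the user to prove ownership, e.g. by
    # re-authenticating with the KC password. This is the interactive step the
    # poster sees on a second login when no link is found.
    return "handle-existing-account", realm.users[username]
```

A stable, persistent NameID from the IdP keeps the second login on the "linked-login" path; a NameID that changes between logins sends it into the existing-account step instead.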