By: Martin Petri user 20 Jan 2020 at 10:37 a.m. CST

3 Responses
Martin Petri gravatar
Hi! We need to disable automatic user onboarding. We have a manual registration process and we're using cache refresh. User authenticated with oAuth or SAML are mapped to accounts by comparing the email address. It works great with gluu/oxd! But currently it's possible to authenticate by using a trusted provider. Gluu (of course) just creates an account for the new user. Is it possible to disable that? We only want to authenticate known users. The account (with the email address) needs to exist before the user logs on. Cheers, Martin

By Mohib Zico staff 21 Jan 2020 at 7:38 a.m. CST

Mohib Zico gravatar
Hello Martin, I am exactly not clear from where this new user coming. Reason is: - Manual registration: which is allowing user to register into Gluu Server. - Cache Refresh: which is pulling users from some source. How this new user coming other than registration and Cache Refresh?

By Martin Petri user 21 Jan 2020 at 8:15 a.m. CST

Martin Petri gravatar
Hi. Well, please excuse me if i'm getting your question wrong. https://gluu.org/docs/ce/authn-guide/passport/#how-user-onboarding-works "If there are no matches, an entry is added using the values received from the external provider" I tried to log in using passport/github with a new github account and it works. On callback Gluu-Server creates a new user, using the username from github and voila... successfully logged in. Martin

By Michael Schwartz staff 23 Jan 2020 at 12:48 p.m. CST

Michael Schwartz gravatar
There is a property to "Map" instead of to enroll. In this case, the user must pre-exist in the Gluu database (e.g. LDAP) or the authn will fail.