Introduction
The CoreOne Authentication User can have multiple references to the external users from external identity providers, also known as federation or brokering. He has the option to merge those accounts manually and automatically to a local account. Both processes are described here.
Auto
...
Merging / Auto Registration
Whenever a user authenticates with an external identity provider and the authentication results in a user that is nor yet linked to any CoreOne Authentication User, the system either tries to auto merge it or, if no user can be determinated, renders the registration form.
In current versions only on auto lower than 8.0 only one merging type is supported. The auto merging is performed by comparing the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
from the external token to the user claims in the system. If there is a matching claim, the two accounts will be automatically linked.
...
Starting from version 8.0 and higher, each claim in the claim mapping configuration can be marked as a matching claim. I.e. if you mark the mobile
claim as a matching claim, the auto merging process will try to match the user based on the that claim. Note that this will only work if there is no more than one user with the same claim value.
Manual Merging
In the CoreOne Self-Service Portal the user has the option to merge his CoreOne Authentication Service User to any configured external identity provider. By selecting the provider and authenticating against it, the external identity provider and it’s user will be merged to the current user, whether the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
matches the local email address or not.
Supported Protocols
Federation / Brokering is possible with both OIDC and SAML.