I am using Keycloak as an identity broker to a SAML identity provider in order to log in to a web application.
To get it to work, I have created a new authentication flow which looks like: "Create User If Unique", "Automatically Link Brokered Account".
Keycloak redirects correctly to the identity provider with the login page. After login, the identity provider redirects as expected to Keycloak and then to my web application, but Keycloak also creates a local user.
Is it possible to use an external IDP without creating local users?
The problem with local users: I have a "custom user federation" implementation which fetches users from my application, and if a local user is created it's not possible to log in to Keycloak using the "custom user federation". Keycloak will just try to log in as with a local user.