[keycloak-user] Two realms; one LDAP; one namespace?

[Jason Axley]

You are right – I found a dummy test account that had the same email address on it.  My bad ;-)

And it’s still an open issue to support non-unique email addresses on accounts I see:  https://issues.jboss.org/browse/KEYCLOAK-2141

-Jason

From: Marek Posolda <mposolda at redhat.com>
Date: Sunday, May 15, 2016 at 11:33 PM
To: Jason Axley <jaxley at expedia.com>, "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Two realms; one LDAP; one namespace?

On 13/05/16 16:58, Jason Axley wrote:
Just configured two different realms pointing to the same LDAP directory.  Logged into master via LDAP the first time.  The second time, logged into another realm with the same user and got an error “Email already exists.”

Shouldn’t the realms be independent of one another?  It seems like there is a universal namespace for users that crosses realms.  Is that intended?  What is the “Keycloak way” to handle this situation if it’s by design?
yes, realms should be independent on each other. And AFAIK they are. I've just tried the scenario you described and wasn't able to reproduce with steps you provided. I have user "john" successfully imported from same LDAP in both "realm-a" and "realm-b".

The fact that you had "Email already exists" in "realm-b" is maybe not related to the fact that you previously logged to "realm-a". You can try to see admin console and list of users in "realm-b" and doublecheck if there is really not a already existing user with the conflicting email.

Marek


-Jason




_______________________________________________

keycloak-user mailing list

keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>

https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160516/c46583e3/attachment.html