<div dir="ltr">Hello Robin,<div><br></div><div>do you have an example configuration for <span style="font-size:12.8px">Shibboleth + Keycloak at hand?</span></div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-06 19:18 GMT+02:00 robinfernandes . <span dir="ltr"><<a href="mailto:robin1233@gmail.com" target="_blank">robin1233@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi All,<br><br>We have a situation where the customer is using Shibboleth IdP and sending the NAMEID in the transient format to Keycloak which acts as an SP. However, we use one of the SAML attributes which is email to store that as the username for the user. <br><br>However, after the first login, all subsequent logins fail with the error "User with username already exists." I presume that this is because the NAMEID which is transient is associated with that user somehow, and since it is transient it is not able to associate that user correctly even though we use email as the username? <br><br>Any insights on this would be helpful.<br><br>Thanks,<br>Robin</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>