Hi Thomas,
The shibboleth that we have configured looks like this (attached are the
values for the attribute-resolver & attribute-filters).
By keycloak configuration do you mean the export of the metadata? I could
attach that as well. Kindly let me know
Thanks,
Robin
On Mon, Jun 6, 2016 at 1:22 PM, Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
Hello Robin,
do you have an example configuration for Shibboleth + Keycloak at hand?
Cheers,
Thomas
2016-06-06 19:18 GMT+02:00 robinfernandes . <robin1233(a)gmail.com>:
> Hi All,
>
> We have a situation where the customer is using Shibboleth IdP and
> sending the NAMEID in the transient format to Keycloak which acts as an SP.
> However, we use one of the SAML attributes which is email to store that as
> the username for the user.
>
> However, after the first login, all subsequent logins fail with the error
> "User with username already exists." I presume that this is because the
> NAMEID which is transient is associated with that user somehow, and since
> it is transient it is not able to associate that user correctly even though
> we use email as the username?
>
> Any insights on this would be helpful.
>
> Thanks,
> Robin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>