Hi Thomas,

The shibboleth that we have configured looks like this (attached are the values for the attribute-resolver & attribute-filters). 
By keycloak configuration do you mean the export of the metadata? I could attach that as well. Kindly let me know 

Thanks,
Robin

On Mon, Jun 6, 2016 at 1:22 PM, Thomas Darimont <thomas.darimont@googlemail.com> wrote:
Hello Robin,

do you have an example configuration for Shibboleth + Keycloak at hand?

Cheers,
Thomas

2016-06-06 19:18 GMT+02:00 robinfernandes . <robin1233@gmail.com>:
Hi All,

We have a situation where the customer is using Shibboleth IdP and sending the NAMEID in the transient format to Keycloak which acts as an SP. However, we use one of the SAML attributes which is email to store that as the username for the user. 

However, after the first login, all subsequent logins fail with the error "User with username already exists." I presume that this is because the NAMEID which is transient is associated with that user somehow, and since it is transient it is not able to associate that user correctly even though we use email as the username? 

Any insights on this would be helpful.

Thanks,
Robin

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user