The shibboleth that we have configured looks like this (attached are the
values for the attribute-resolver & attribute-filters).
By keycloak configuration do you mean the export of the metadata? I could
attach that as well. Kindly let me know
On Mon, Jun 6, 2016 at 1:22 PM, Thomas Darimont <
do you have an example configuration for Shibboleth + Keycloak at hand?
2016-06-06 19:18 GMT+02:00 robinfernandes . <robin1233(a)gmail.com>:
> Hi All,
> We have a situation where the customer is using Shibboleth IdP and
> sending the NAMEID in the transient format to Keycloak which acts as an SP.
> However, we use one of the SAML attributes which is email to store that as
> the username for the user.
> However, after the first login, all subsequent logins fail with the error
> "User with username already exists." I presume that this is because the
> NAMEID which is transient is associated with that user somehow, and since
> it is transient it is not able to associate that user correctly even though
> we use email as the username?
> Any insights on this would be helpful.
> keycloak-user mailing list