Thank you all for guiding me to solve the problem. I can now think about the suggested
approaches and come up with a solution; tagging different realms to the same KC client should be
an acceptable solution.
Thank you very much!
Harish
On Monday, February 13, 2017 6:33 PM, Kevin Berendsen
<kevin.berendsen(a)pharmapartners.nl> wrote:
Hi Harish
There's a workaround, and it's a little tricky and might need some more effort.
Our LDAP structure is a little vague and different from what it should be, but that choice
was made a long time ago. However, our workaround could be applied to your issue as well. Pick
an attribute of your LDAP object that is absolutely unique to any object like the username
should be but then another object.
For example:
Pick attribute veryUniqueAttr instead of uid as username.
Then develop your own authenticator:
* Queries for users based on the actual username and might return multiple users;
* Iterate through the users and check if the password matches the input;
* If the password matches, then set the context to success and set the last iterated user
as user into the session.
* If none matches, then login failed.
It's simple and effective but I don't like the sound of it. I highly recommend
creating TWO realms instead. Google for 'Keycloak multi-tenant' and you'd find
an easy way to use the same Keycloak Client with two realms and I think that may solve
your problem.
-----Original message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On behalf of harish jadhav
Sent: Monday 13 February 2017 13:24
To: keycloak-user(a)lists.jboss.org; Bill Burke <bburke(a)redhat.com>
Subject: Re: [keycloak-user] Issue with LDAP federation import
Team,
Can someone help with this please?
Thanks
Harish
On Friday, February 10, 2017 9:47 PM, harish jadhav <harishjadhav1979(a)yahoo.com>
wrote:
Hi Team,
Thanks for the immediate response. As both users are different persons and reside in different
domains with different email IDs, I was expecting it to treat them as different users, and in fact
objectguid will be different for both users. And as both users belong to the same
organisation, I can't use a different realm either.
Is there any workaround available for this?
Thanks
Harish
--------------------------------------------
On Fri, 2/10/17, Bill Burke <bburke(a)redhat.com> wrote:
Subject: Re: [keycloak-user] Issue with LDAP federation import
To: keycloak-user(a)lists.jboss.org
Date: Friday, February 10, 2017, 8:27 PM
You can't have 2 users with the same username. The sync is pulling users from the 2nd federation
provider, sees that it's already been imported (by the 1st Federation sync) and fails to import
that user.
On 2/10/17 9:32 AM, harish jadhav wrote:
Hello Keycloak Team,
I am new to Keycloak and trying to integrate it with my application. Just to do some kind of
analysis, I have started with LDAP import. I have two LDAP servers having different domains, say
tkd.com and teckno.com respectively (running at 172.16.11.100 and 172.16.12.100 respectively),
and I am able to import the users from both the directories. I have created two LDAP
federations in a single realm.
However, one issue which I am facing is that I am unable to import one particular user by the
second federation - I have one user having name ronny(a)tkd.com with username Ronny in
172.16.11.100 and ronny(a)teckno.com with the same username Ronny in 172.16.12.100. The error I
am getting is
User 'Ronny' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider '1081bf4c-b54d-44db-b172-b229ae6aad4e'
Can you please help on how to sync both users, as technically both users are different, having
different email IDs and domains.
Thanks in advance.
Thanks
Harish
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user