we noticed a problem trying to use Keycloak as Identity Provider with a SAML IdP
The IdP returns user names in upper case (e.g. “USER”) and keycloak converts them to lower
case to store them internally (“user”), this works as expected. It also seems to store
“USER” for reference in a separate field, so this information isn’t lost.
Now, as soon as a user loses the session of KC and the SAML IdP, KC tries to parse the new
response from the IdP trying to find “USER” in it’s database, which it doesn’t. It the
triggers the first login flow, which fails because of unique key violation.
Federated user not found for provider 'saml' and broker username ‘USER’
ERROR: duplicate key value violates unique constraint "constraint_40"
Detail: Key (identity_provider, user_id)=(saml, <uuid removed by me>) already
I have the strong suspicion, that KC is missing a toLowercase() at that process
Can somebody confirm this behavior so we can turn this into a bug report? Is there a
workaround for this?
Show replies by thread