[keycloak-dev] Need inputs on scenario related to Keycloak SAML Broker IDP SSO

abhijit gokhale abhigokhale at gmail.com
Fri Sep 27 17:21:57 EDT 2019


Hi Team,

In our current workflow of customer onboarding, we are provisioning
customer users from their IDP (like ADFS) into Keycloak via script. As part
of this process, once a user is created in Keycloak, the script creates the IDP
link for the user, and for this purpose the script takes the Keycloak username
field and uses it in the Provider User Id and Provider Username fields of the IDP
link.

As Keycloak stores the username in lowercase, the same lowercase value
gets reflected in the Provider User Id field (e.g.
abhigokhale at gmail.com). The problem is that if the SAML response contains a Name ID
with mixed case (say Abhigokhale at gmail.com), then Keycloak displays the
message that a user with the same email already exists. Please note, we are
using a First Login flow with only the Create User If Unique authenticator
enabled and the rest disabled.

I would like to get your opinion on whether Keycloak should handle this scenario, as
it is storing the username in lowercase.

Thanks & Regards,
Abhijit
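Added example, not part of the post above and not Keycloak's own code: it reproduces the mismatch the post describes offline, by building the federated-identity record the way the onboarding script does (both provider fields set to the lowercased Keycloak username) and comparing it with the NameID parsed from a constructed, unsigned SAML response. The exact-match comparison in `link_matches` mirrors the behaviour the post observed and is an assumption, not a statement about Keycloak internals; the provider alias `adfs` and the example.com address are constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed, minimal, unsigned SAML Response carrying a mixed-case NameID,
# like the one the post says triggers the "user already exists" message.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Abhigokhale@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def build_link(keycloak_username, provider_alias):
    """Federated-identity record as the onboarding script creates it.
    Keycloak stores usernames lowercased, so both provider fields end up lowercase."""
    stored = keycloak_username.lower()
    return {"identityProvider": provider_alias, "userId": stored, "userName": stored}


def extract_nameid(response_xml):
    """Pull the Subject NameID out of a SAML Response; fail loudly if absent."""
    root = ET.fromstring(response_xml)
    node = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("SAML response has no Subject NameID")
    return node.text.strip()


def link_matches(link, nameid):
    """Case-sensitive comparison (assumption: models the exact match the post observed)."""
    return link["userId"] == nameid


def diagnose(link, response_xml):
    """Classify why an incoming NameID would or would not resolve to the stored link."""
    nameid = extract_nameid(response_xml)
    if link_matches(link, nameid):
        return "ok"
    if link["userId"] == nameid.lower():
        return "case-mismatch"  # differs only in case: the scenario from the post
    return "no-link"
```

Running `diagnose(build_link("Abhigokhale@example.com", "adfs"), SAMPLE_RESPONSE)` classifies the sample as a case mismatch, which is the condition worth checking for in a provisioned user base before enabling the IDP.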

