[keycloak-user] Shibboleth IdP configuration issues with Keycloak as SP

robinfernandes . robin1233 at gmail.com
Mon Jun 6 13:18:10 EDT 2016


Hi All,

We have a situation where the customer is using Shibboleth IdP and sending
the NAMEID in the transient format to Keycloak which acts as an SP.
However, we use one of the SAML attributes, which is email, to store as
the username for the user.

However, after the first login, all subsequent logins fail with the error
"User with username already exists." I presume that this is because the
NAMEID which is transient is associated with that user somehow, and since
it is transient it is not able to associate that user correctly even though
we use email as the username?

Any insights on this would be helpful.

Thanks,
Robin