[keycloak-user] Creating a federated user via REST API creates an incorrect entry in the CREDENTIAL table
Rainer-Harbach Marian
marian.rainer-harbach at apa.at
Wed Sep 13 03:36:06 EDT 2017
Hi everyone,
about two weeks ago I stumbled upon a phenomenon which I believe to be a
bug in Keycloak. The error occurs when creating a new user via the REST
API in a realm configured with LDAP user federation: The user is created
in LDAP, but without a password -- instead, Keycloak creates an entry
for the user in its internal CREDENTIAL database table.
When the user later changes their password, Keycloak writes the new
password to LDAP, but keeps the old entry in the CREDENTIAL table. The
user can then still only log in with the old password.
I created a Jira ticket for this problem:
https://issues.jboss.org/browse/KEYCLOAK-5383
It would be very helpful to us if someone could check if they can
reproduce the problem (maybe we are doing something wrong?) and, if it's
indeed a bug in Keycloak, give an estimate of when it might be fixed.
The bug is a blocker in our project to deploy Keycloak for about 100k users.
Thanks,
Marian
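
A defender's check for the condition this report describes, as an added example that is not part of the original message or of Keycloak's code: it lists federated users that also have a local password row, in a realm where LDAP is meant to hold the passwords. The table and column names (USER_ENTITY.FEDERATION_LINK, CREDENTIAL.USER_ID, CREDENTIAL.TYPE) and the TYPE values are assumed from Keycloak's relational schema and should be verified against the deployed version; the rows are constructed sample data in an in-memory SQLite database.

```python
import sqlite3

# Assumed subset of Keycloak's schema (verify against your version):
# FEDERATION_LINK is set for users that come from a federation provider
# such as LDAP; CREDENTIAL holds credentials stored locally by Keycloak.
SCHEMA = """
CREATE TABLE USER_ENTITY (ID TEXT PRIMARY KEY, USERNAME TEXT,
                          REALM_ID TEXT, FEDERATION_LINK TEXT);
CREATE TABLE CREDENTIAL (ID TEXT PRIMARY KEY, USER_ID TEXT, TYPE TEXT);
"""

# Federated users with a local password row: the state described above,
# where a stale local password can shadow the one written to LDAP.
DETECT = """
SELECT u.USERNAME
FROM USER_ENTITY u
JOIN CREDENTIAL c ON c.USER_ID = u.ID
WHERE u.REALM_ID = ?
  AND u.FEDERATION_LINK IS NOT NULL
  AND c.TYPE = 'password'
ORDER BY u.USERNAME
"""

def find_shadow_passwords(conn, realm_id):
    """Return usernames of federated users that also have a local password."""
    return [row[0] for row in conn.execute(DETECT, (realm_id,))]

def build_sample_db():
    """Build constructed sample data covering the cases the query must separate."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO USER_ENTITY VALUES (?, ?, ?, ?)", [
        ("u1", "alice", "demo", "ldap-1"),   # federated, has local password row
        ("u2", "bob", "demo", "ldap-1"),     # federated, password only in LDAP
        ("u3", "carol", "demo", None),       # local user, local password expected
        ("u4", "dave", "demo", "ldap-1"),    # federated, local OTP row only
        ("u5", "erin", "other", "ldap-2"),   # affected, but in another realm
    ])
    conn.executemany("INSERT INTO CREDENTIAL VALUES (?, ?, ?)", [
        ("c1", "u1", "password"), ("c3", "u3", "password"),
        ("c4", "u4", "totp"), ("c5", "u5", "password"),
    ])
    return conn

if __name__ == "__main__":
    print(find_shadow_passwords(build_sample_db(), "demo"))
```
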