[keycloak-user] Problem with upper case user names of Identity Provider

David Sautter David.Sautter at rohde-schwarz.com
Tue Aug 6 03:21:21 EDT 2019


Hello,
we noticed a problem trying to use Keycloak as Identity Provider with a SAML IdP Backend.
The IdP returns user names in upper case (e.g. “USER”) and Keycloak converts them to lower case to store them internally (“user”), this works as expected. It also seems to store “USER” for reference in a separate field, so this information isn’t lost.
Now, as soon as a user loses the session of KC and the SAML IdP, KC tries to parse the new response from the IdP trying to find “USER” in its database, which it doesn’t. It then triggers the first login flow, which fails because of a unique key violation.
Federated user not found for provider 'saml' and broker username ‘USER’
ERROR: duplicate key value violates unique constraint "constraint_40"
Detail: Key (identity_provider, user_id)=(saml, <uuid removed by me>) already exists.
I have the strong suspicion that KC is missing a toLowercase() at that process somewhere.
Can somebody confirm this behavior so we can turn this into a bug report? Is there a workaround for this?
Kind regards,
David
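
The failure sequence described in the message above, as an added example that is not part of the original post and is not Keycloak code: a simplified model in which the broker link is stored under the lower-cased name and looked up with or without normalization. The table names, the `broker_username` column and all function names are hypothetical; only the unique key on (identity_provider, user_id) comes from the quoted error, and storing the lower-cased name in the link is an assumption.

```python
import sqlite3

def new_store():
    # Constructed schema (hypothetical names); only the unique key on
    # (identity_provider, user_id) is taken from the error in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, username TEXT UNIQUE)")
    db.execute("CREATE TABLE broker_link (identity_provider TEXT, user_id TEXT,"
               " broker_username TEXT, UNIQUE (identity_provider, user_id))")
    return db

def find_link(db, provider, broker_username, normalize):
    # SQLite compares TEXT case-sensitively by default, so "USER" != "user".
    key = broker_username.lower() if normalize else broker_username
    row = db.execute("SELECT user_id FROM broker_link WHERE identity_provider = ?"
                     " AND broker_username = ?", (provider, key)).fetchone()
    return row[0] if row else None

def first_login(db, provider, broker_username):
    # Local user names are stored in lower case, as the post describes.
    local = broker_username.lower()
    row = db.execute("SELECT id FROM users WHERE username = ?", (local,)).fetchone()
    user_id = row[0] if row else "id-" + local
    if row is None:
        db.execute("INSERT INTO users VALUES (?, ?)", (user_id, local))
    # Assumption: the link row stores the lower-cased name.
    db.execute("INSERT INTO broker_link VALUES (?, ?, ?)", (provider, user_id, local))
    return user_id

def broker_login(db, provider, broker_username, normalize):
    user_id = find_link(db, provider, broker_username, normalize)
    if user_id is not None:
        return "existing:" + user_id
    try:
        # Lookup missed, so the first login flow runs.
        return "linked:" + first_login(db, provider, broker_username)
    except sqlite3.IntegrityError as exc:
        return "error:" + str(exc)

if __name__ == "__main__":
    for normalize in (False, True):
        db = new_store()
        print(broker_login(db, "saml", "USER", normalize))  # first login
        print(broker_login(db, "saml", "USER", normalize))  # after session loss
```

With `normalize=False` the second login misses the existing link and the insert hits the unique key; with `normalize=True` the same login resolves to the existing user.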

