[keycloak-user] Ability for user to have multiple IDP's of the same type per user

Ben Pittman bepittman at amplify.com
Fri Feb 8 15:53:44 EST 2019

Just wondering if anyone else would find this functionality useful.  I have
a custom IDP (not Google but similar, let's call it Acme IDP) that allows a
single email to have multiple identities.  For example me at acme.com could
login as an ADMINISTRATOR or a PURCHASER with the only difference being
what Keycloak calls the federated_user_id returned from ACME.

Currently this isn't supported in Keycloak because of the foreign key
constraint on federated_identity table (identity_provider, user_id).  If
this constraint is changed to (identity_provider, federated_user_id,
user_id) and the FederatedIdentityEntity.java class is changed to represent
the new constraint then voila I can support multiple IDP's of the same type
per user.

Just wondering if this has ever come up for anyone else before.


More information about the keycloak-user mailing list