Email already exists

Hello!

I have 2 LDAP servers that sync into kc, Users and Customers.
Sometimes a Customer becomes a User (without being removed from the Customer db) so when they try to login, they get an error during login: Email already exists.
Log error: 2024-03-22 14:00:44,419 ERROR [org.keycloak.services] (executor-thread-19518) KC-SERVICES0024: : org.keycloak.models.ModelDuplicateException: Can't import user 'user42221' from LDAP because email 'xyz@company.com' already exists in Keycloak. Existing user with this email is 'customer42221'

I usually circumvent this by clearing the cache for the Customer Federation bucket but I was hoping for a more permanent solution. I was hoping that the sync that happens in keycloak would not pull records with an email that already exists.

Thanks in advance.
Peter

You have 2 options:

  • Use the same Realm and implement specific client roles: for each OAuth client you’d have different roles and then you’d be able to distinguish between B2C users and B2E users (LDAP users). In this case you have to authenticate with different clients for each use case.
  • Implement separate Realms one for B2C (customers) and one for B2E.

I’m using the second approach.
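Whichever approach is chosen, the collision behind the `ModelDuplicateException` above can be caught before Keycloak's periodic sync runs. The following is an added example written for this thread, not code from either post or from Keycloak itself: it reads LDIF exports of the two directories and reports every e-mail address present in both. The LDIF samples are constructed for the example, the attribute names `mail` and `uid` and the normalization of addresses to lower case (Keycloak stores e-mails lower-cased, so `XYZ@company.com` and `xyz@company.com` collide) are assumptions about the two directories.

```python
"""Report e-mail addresses that exist in both the Users and the Customers directory.

Run against LDIF exports before a Keycloak user federation sync; any address listed
here would trigger "Can't import user ... because email ... already exists".
"""
import base64
from collections import defaultdict

# Constructed sample exports (not real data). Note the differing case of the
# colliding address: Keycloak compares e-mails lower-cased, so these still clash.
USERS_LDIF = """\
dn: uid=user42221,ou=people,dc=company,dc=com
uid: user42221
mail: XYZ@company.com

dn: uid=alice,ou=people,dc=company,dc=com
uid: alice
mail: alice@company.com
"""

CUSTOMERS_LDIF = """\
dn: uid=customer42221,ou=customers,dc=company,dc=com
uid: customer42221
mail: xyz@company.com

dn: uid=customer7,ou=customers,dc=company,dc=com
uid: customer7
mail: bob@example.org
"""


def parse_ldif(text):
    """Minimal LDIF parser: one dict per entry, attribute name -> list of values.

    Handles blank-line separated entries, '#' comments and base64 ('::') values.
    It does not handle folded continuation lines, which an export tool may emit.
    """
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition("::")
        if sep:  # base64-encoded value
            value = base64.b64decode(value.strip()).decode("utf-8")
        else:
            attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def normalize_email(value):
    """Assumption: Keycloak stores e-mails lower-cased, so compare case-insensitively."""
    return value.strip().lower()


def find_email_collisions(users_entries, customers_entries, email_attr="mail", id_attr="uid"):
    """Return {email: {"users": [ids], "customers": [ids]}} for addresses found in both sets."""
    index = defaultdict(lambda: {"users": [], "customers": []})
    for label, entries in (("users", users_entries), ("customers", customers_entries)):
        for entry in entries:
            ident = entry.get(id_attr, ["<no %s>" % id_attr])[0]
            for addr in entry.get(email_attr, []):
                index[normalize_email(addr)][label].append(ident)
    return {email: ids for email, ids in index.items() if ids["users"] and ids["customers"]}


def collisions_from_ldif(users_ldif=USERS_LDIF, customers_ldif=CUSTOMERS_LDIF):
    """Convenience wrapper: parse both exports and return the collision map."""
    return find_email_collisions(parse_ldif(users_ldif), parse_ldif(customers_ldif))


if __name__ == "__main__":
    for email, ids in sorted(collisions_from_ldif().items()):
        print(f"{email}: Users={ids['users']} Customers={ids['customers']}")
```

On the constructed data the script reports `xyz@company.com` held by `user42221` in Users and `customer42221` in Customers, which is exactly the pair named in the log line. Run from cron (or as a pre-step of a scripted sync) it gives a list of accounts to resolve in the directories rather than by clearing the federation cache after the fact.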