Hello all,
I encountered the following issue while authenticating with our custom IdP inside our company. There are 3 possible ways to log in to our IdP: user credentials, Windows/Kerberos login and login via card with certificate.
In the logs I can see this message, which means the user is not yet linked to my IdP:
DEBUG [org.keycloak.services.resources.IdentityBrokerService] (executor-thread-656) Federated user not found for provider ‘IdP’ and broker username ‘company-mail’
But then, after my First broker login flow, I can see this error:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (executor-thread-656) ERROR: duplicate key value violates unique constraint “constraint_40”
Detail: Key (identity_provider, user_id)=(IdP, user’s UUID) already exists
These two messages seem contradictory. The first one states that no federated user was found (I even checked the DB table ‘federated_identity’; the user is also linked in the Keycloak UI under the ‘Identity provider links’ tab).
The second message states that there is an error: Keycloak is not able to store a record in the ‘federated_identity’ table because there already is one.
So my question is the following: how is it possible that during the check there is no federation link, but then Keycloak is not able to store it because there already is one?
Thanks for your support.
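Three queries that compare the two keys the messages refer to, as an added example that is not part of the original post. Only the table name federated_identity and the columns identity_provider and user_id come from the error above; the realm_id, federated_user_id and federated_username columns, and the statement that the broker lookup keys on the IdP-asserted id rather than the Keycloak user id, are assumptions drawn from Keycloak's schema, and the quoted values are placeholders.

```sql
-- Added example, not from the original post. Columns other than
-- identity_provider and user_id are assumed from Keycloak's
-- federated_identity schema; quoted values are placeholders to replace.

-- 1. The key the unique-constraint error reports: (identity_provider, user_id),
--    i.e. the Keycloak user's UUID.
SELECT identity_provider, realm_id, user_id, federated_user_id, federated_username
FROM federated_identity
WHERE identity_provider = 'IdP'
  AND user_id = '<keycloak-user-uuid-from-the-error>';

-- 2. The key assumed for the "Federated user not found" lookup:
--    the id the IdP asserted for the user (federated_user_id).
SELECT identity_provider, realm_id, user_id, federated_user_id, federated_username
FROM federated_identity
WHERE identity_provider = 'IdP'
  AND federated_user_id = '<id-asserted-by-the-IdP>';

-- 3. Rows for the broker username from the first message. A row returned by
--    (1) and (3) but not by (2) means the stored federated_user_id differs
--    from the one the IdP asserted in this login.
SELECT user_id, federated_user_id, federated_username
FROM federated_identity
WHERE identity_provider = 'IdP'
  AND federated_username = 'company-mail';
```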