Where does the IdP "Provider User ID" come from?

Hi!

I am setting up a Keycloak right now connected to an ADFS IdP provider.
Everything is working great so far 🙂

But we are facing an issue with an AD user migration: changing logins to uppercase.

Affected logins receive an error in Keycloak because Keycloak is trying to create a new account.
As the upn of the users doesn’t change, Keycloak says we try to create a new account with an already existing upn (which makes sense 🙂).

After testing by removing an affected user, we found that the “Provider User ID” in the “Identity Provider Links” in the user has changed.

I’m trying to find out where this ID comes from. Is it related to the “sub” field retrieved by the userinfo request?
Is there a way to change what’s considered for this ID? Like using the upn as well?

Thanks a lot for your replies and for developing such a great tool!

Fabien Charlet