  1. Keycloak
  2. KEYCLOAK-13392

Oracle DB only - case sensitivity of federated provider user id

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 8.0.1
    • Fix Version/s: Backlog
    • Component/s: Database
    • Labels:
      None
    • Steps to Reproduce:
      Use an Oracle database as the backend for Keycloak
      Log in with a federated user with "Provider user id" abc
      The user is created and the link is also created (abc)
      Now either change the link to aBc locally, or log in with another user that has aBc as its "Provider user id"
      Then attempt to log in again
      You will see the error "Unexpected error when authenticating with identity provider"
      And the following line in the log file:
      unique constraint (SSO.CONSTRAINT_40) violated

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When a user returns from an external identity provider with an assertion/code and the "provider user id" already exists, but does not have the same case, then the "first broker login" seems to be triggered.

      Then, when Keycloak attempts to create the user (Create user if unique), it shows the user the error message "Unexpected error when authenticating with identity provider" and the following error is seen in the log files:

      unique constraint (SSO.CONSTRAINT_40) violated
      ...
      javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement

      I tested this on another installation, also 8.0.1 with MariaDB: there it doesn't seem to do this (the user is found and logged in). I have to mention that the test with the MariaDB was OIDC, while the test with Oracle was SAML, but I don't think that will make a difference?

              People

              • Assignee:
                hmlnarik Hynek Mlnařík
                Reporter:
                braddahi Brahim Raddahi
