LDAP with OpenID Connect SSO with Keycloak

Dear All,
I am a bit new to this.
In my current setup, we are not using local login and have installed the LDAP plugin to get authentication from Active Directory, and there are 50 users using it.
Now, due to compliance reasons, we have to use SSO with Keycloak.
I have set up OpenID Connect with Keycloak and new users can log in, but existing users are getting the message "Primary email has already been taken".


Can anyone please help me get rid of this? I want to keep the LDAP plugin along with SSO (OpenID Connect) with Keycloak, both active with the same email address.

What am I doing wrong?

And the existing users can’t log in but are asked to create a new account? They should be matched by email address.

If you use SSO then that is the only login you can use. I think you’ll need to migrate your existing users to the SSO system.

Thank you so much. I have one query.

Existing users from LDAP login can log in without any issue; only SSO users are getting the creation popup.
I have 2 plugins: i) LDAP and ii) OpenID Connect.

  1. I am OK to remove the LDAP users and ask them to log in via SSO, but what will happen to the posts which users have already posted from the LDAP login?
  2. Can they come back to LDAP login from SSO in the near future?
  3. When users come from SSO, they get an email notification for activation. How can this be avoided? LDAP users do not get this and can log in directly.

Users from LDAP and SSO are both from the same Active Directory.

Appreciate your quick revert.