Keycloak and User Synchronization #261
Comments
Also, there is an issue with updating the password (it will be updated only in the identity user) #262
In Keycloak, the user ID should be the same as the ID in the identity users table. The "sub" claim in the token should exist in users.
Currently, when creating users in EShopIdentityUserAppService, the ID will not be the same:
eShopOnAbp/services/identity/src/EShopOnAbp.IdentityService.Application/Identity/EShopIdentityUserAppService.cs
Line 38 in 327fbcc
Each one will create a different ID.
When CreateUserLoggedInEto is executed:
eShopOnAbp/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs
Line 199 in 327fbcc
and the event is published:
eShopOnAbp/services/identity/src/EShopOnAbp.IdentityService.Application/UserLoggedInEventHandler.cs
Line 34 in 327fbcc
For the admin user, this process is fine as it will delete and re-create the admin user to match the ID.
However, for other users, it will attempt to re-create them with the same username but without roles. This can lead to validation issues when creating a new user with the same name.
We are trying to integrate an ABP project with Keycloak. The issue is with the first created user, "admin." We need to sync it with Keycloak in Data Seeder.
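The ID mismatch described in the issue, as an added example that is not code from eShopOnAbp or ABP: it audits Keycloak `sub` values against local identity user IDs and models the login-time re-creation with a simplified handler. The `LocalUser` type, both function names, the case-insensitive username comparison, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LocalUser:            # hypothetical stand-in for a row in the identity users table
    id: str
    username: str
    roles: list = field(default_factory=list)

class DuplicateUserName(Exception):
    """Models the validation failure when a username is already taken."""

def audit_id_drift(keycloak_users, local_users):
    """Classify each Keycloak (sub, username) pair against the local table."""
    ids = {u.id for u in local_users}
    names = {u.username.lower() for u in local_users}  # assumption: case-insensitive names
    report = {"in_sync": [], "id_mismatch": [], "missing_locally": []}
    for sub, username in keycloak_users:
        if sub in ids:
            report["in_sync"].append(username)
        elif username.lower() in names:
            report["id_mismatch"].append(username)   # same name, different ID
        else:
            report["missing_locally"].append(username)
    return report

def on_user_logged_in(sub, username, local_users):
    """Simplified model of the login sync: ensure a local user exists whose ID equals sub."""
    if any(u.id == sub for u in local_users):
        return "exists"
    if any(u.username.lower() == username.lower() for u in local_users):
        raise DuplicateUserName(username)
    local_users.append(LocalUser(sub, username))      # created without roles
    return "created"

# Constructed sample data (IDs are made up).
KEYCLOAK = [("kc-0001", "admin"), ("kc-0002", "alice"), ("kc-0003", "bob")]
LOCAL = [LocalUser("kc-0001", "admin", ["admin"]),
         LocalUser("db-9f3a", "alice", ["manager"])]   # created locally with its own ID

if __name__ == "__main__":
    print(audit_id_drift(KEYCLOAK, LOCAL))
    for sub, name in KEYCLOAK:
        try:
            print(name, on_user_logged_in(sub, name, LOCAL))
        except DuplicateUserName:
            print(name, "rejected: username exists under a different ID")
```

Users reported under `id_mismatch` are the ones whose token `sub` will not resolve to a local user, so any role checks against the local table will not apply to them until the IDs are reconciled.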