Hello,
I'd like to be able to do the following with Keycloak - but I'm a bit stuck on the mapping stage and was wondering if anyone had any suggestions on how to achieve it please?
Prerequisite: Keycloak is configured with an LDAP user federation to import accounts (but these accounts do NOT have passwords, so users cannot log into them directly), and an OpenID Connect IdP for login.
1. User logs in via the OpenID Connect provider.
2. The user's OpenID Connect login (linked account) is linked/bound/mapped to an existing LDAP user. We assume there is something in LDAP (either their email or sub or similar) that can be used to make sure that the user logging in via the IdP is the same one in LDAP.
3. User is able to log in with their identity provider, but their account username, details, etc. are actually from LDAP.
Is something like this possible, please?
Thank you!
Will.
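The three steps above map onto a custom "first broker login" flow in Keycloak. Below is an added example, not part of Will's post and not a configuration from the Keycloak project, of a partial realm import that wires it up: the LDAP provider imports users read-only, the OIDC identity provider is pointed at a custom first-login flow, and that flow consists of only two built-in authenticators, "Detect existing broker user" (`idp-detect-existing-broker-user`), which looks the brokered identity up among already-imported users by email first (only when the realm disallows duplicate emails) and then by username, and "Automatically set existing user" (`idp-auto-link`), which links the brokered identity to the user that was found. The realm name `corp`, the aliases `corp-ldap` and `corp-oidc`, every hostname, DN, client id, secret and URL are assumptions chosen for illustration.

```json
{
  "realm": "corp",
  "duplicateEmailsAllowed": false,
  "components": {
    "org.keycloak.storage.UserStorageProvider": [
      {
        "name": "corp-ldap",
        "providerId": "ldap",
        "subComponents": {},
        "config": {
          "enabled": ["true"],
          "importEnabled": ["true"],
          "editMode": ["READ_ONLY"],
          "syncRegistrations": ["false"],
          "vendor": ["other"],
          "connectionUrl": ["ldaps://ldap.example.com:636"],
          "usersDn": ["ou=people,dc=example,dc=com"],
          "authType": ["simple"],
          "bindDn": ["cn=keycloak-reader,ou=service,dc=example,dc=com"],
          "bindCredential": ["change-me"],
          "usernameLDAPAttribute": ["uid"],
          "rdnLDAPAttribute": ["uid"],
          "uuidLDAPAttribute": ["entryUUID"],
          "userObjectClasses": ["inetOrgPerson, organizationalPerson"]
        }
      }
    ]
  },
  "authenticationFlows": [
    {
      "alias": "first broker login - link to LDAP user",
      "description": "Match the brokered identity to an imported LDAP user by email, then username; fail the login if none matches, link it if one does. No profile review, no password prompt, no user creation.",
      "providerId": "basic-flow",
      "topLevel": true,
      "builtIn": false,
      "authenticationExecutions": [
        {
          "authenticator": "idp-detect-existing-broker-user",
          "authenticatorFlow": false,
          "requirement": "REQUIRED",
          "priority": 10,
          "userSetupAllowed": false
        },
        {
          "authenticator": "idp-auto-link",
          "authenticatorFlow": false,
          "requirement": "REQUIRED",
          "priority": 20,
          "userSetupAllowed": false
        }
      ]
    }
  ],
  "identityProviders": [
    {
      "alias": "corp-oidc",
      "providerId": "oidc",
      "enabled": true,
      "trustEmail": true,
      "storeToken": false,
      "firstBrokerLoginFlowAlias": "first broker login - link to LDAP user",
      "config": {
        "clientId": "keycloak-broker",
        "clientSecret": "change-me",
        "authorizationUrl": "https://idp.example.com/authorize",
        "tokenUrl": "https://idp.example.com/token",
        "jwksUrl": "https://idp.example.com/.well-known/jwks.json",
        "useJwksUrl": "true",
        "validateSignature": "true",
        "defaultScope": "openid email profile",
        "syncMode": "IMPORT"
      }
    }
  ],
  "identityProviderMappers": [
    {
      "name": "username from preferred_username",
      "identityProviderAlias": "corp-oidc",
      "identityProviderMapper": "oidc-username-idp-mapper",
      "config": {
        "template": "${CLAIM.preferred_username}",
        "syncMode": "INHERIT"
      }
    }
  ]
}
```

Three settings carry the security weight here. `syncMode` is `IMPORT` rather than `FORCE`, so later logins do not try to overwrite the username, email or attributes that came from LDAP (with `editMode` `READ_ONLY` such a write would fail anyway, and the goal is for LDAP to stay authoritative). The custom flow deliberately omits the "Review Profile", "Confirm link existing account" and "Verify existing account by email" steps of the stock first-broker-login flow, so a user whose IdP identity matches nothing in LDAP is simply refused rather than offered a new account. And because the match is made on the email (or `preferred_username`) claim the external IdP asserts, the arrangement is only as safe as that IdP's control over those claims: an IdP tenant in which a user can set an arbitrary, unverified email address would let that user link themselves to someone else's LDAP account, so restrict the broker to an IdP whose email claims are verified and, if possible, pin the username mapper to a claim the IdP guarantees is unique and immutable for each subject. Import the fragment with the Keycloak server's realm import (or merge it into a full realm export), then test with one LDAP user that has a matching email and one OIDC account that matches nothing, and confirm the second is rejected with no new user created.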