Possibility to use LDAP as IDM and additionally Keycloak Omniauth configuration as SSO provider


we have configured LDAP as the authentication provider and want to also enable SSO based on the Omniauth provider with Keycloak backend.

Currently it is not possible to activate the SSO feature in the user profile (Service sign-in).
Error 422 email has already been taken


  • Change Keycloak client configuration to use NameID format = email
  • Change Gitlab configuration to use urn:oasis:names:tc:SAML :1.1 :nameid -format:emailAddress
  • Change Gitlab configuration to use omniauth_auto_link_saml_user = true instead of omniauth_auto_link_user = saml