User locked out if the Keycloak realm changed #1349

New issue

Open

opened 2026-02-20 18:07:54 -05:00 by deekerman · 0 comments

deekerman commented 2026-02-20 18:07:54 -05:00

Owner

Copy link

Originally created by @patrickdung on GitHub (Apr 11, 2020).

Originally assigned to: @NGPixel on GitHub.

Describe the bug
Suppose the Keycloak is configured in Wikijs with realm called master. The setting is openid-connect.
This is a mis-configuration. Now we the Keycloak create a new realm for this and called the realm 'external'.

Currently in Wikijs. it does not allow users to be removed if they have created content. So I can't delete the user and relink it with the new realm.

The Keycloak connection setting in Wikijs is updated to the new realm. But the existing users could not login. It is because the uid/providerId of the users are different in the master and the external realm.
Host Info (please complete the following information):*
Wiki.js 2.2.51
Keycloak 9.0.2

Additional context
As a workaround, I update the providerId of the user in the database of Wiki.js. Now the user can login to the new realm.

Please provide a suitable way for this problem, like:
Allow relinking user to a new relam with different providerId or
Allow manually edit providerId in the admin web console or
Allow multiple users with same email address but different providerId to exist in the Wiki.js system or
any other suitable ways

Originally created by @patrickdung on GitHub (Apr 11, 2020). Originally assigned to: @NGPixel on GitHub. **Describe the bug** Suppose the Keycloak is configured in Wikijs with realm called master. The setting is openid-connect. This is a mis-configuration. Now we the Keycloak create a new realm for this and called the realm 'external'. Currently in Wikijs. it does not allow users to be removed if they have created content. So I can't delete the user and relink it with the new realm. The Keycloak connection setting in Wikijs is updated to the new realm. But the existing users could not login. It is because the uid/providerId of the users are different in the master and the external realm. *Host Info (please complete the following information):** Wiki.js 2.2.51 Keycloak 9.0.2 **Additional context** As a workaround, I update the providerId of the user in the database of Wiki.js. Now the user can login to the new realm. Please provide a suitable way for this problem, like: Allow relinking user to a new relam with different providerId or Allow manually edit providerId in the admin web console or Allow multiple users with same email address but different providerId to exist in the Wiki.js system or any other suitable ways

deekerman added the

enhancement

contrib-medium

labels 2026-02-20 18:07:54 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

scarlett

vega

feat-toc

v2.5.312

v2.5.311

v2.5.310

v2.5.309

v2.5.308

v2.5.307

v2.5.306

v2.5.305

v2.5.304

v2.5.303

v2.5.302

v2.5.301

v2.5.300

v2.5.299

v2.5.298

v2.5.297

v2.5.296

v2.5.295

v2.5.294

v2.5.293

v2.5.292

v2.5.291

v2.5.290

v2.5.289

v2.5.288

v2.5.287

v2.5.286

v2.5.285

v2.5.284

v2.5.283

v2.5.282

v2.5.281

v2.5.280

v2.5.279

v2.5.278

v2.5.277

v2.5.276

v2.5.275

2.5.274

2.5.272

2.5.268

2.5.264

2.5.260

2.5.255

2.5.254

2.5.219

2.5.214

2.5.201

2.5.197

2.5.191

2.5.170

2.5.159

2.5.144

2.5.136

2.5.132

2.5.126

2.5.121

2.5.117

2.5.105

2.4.107

2.4.105

2.4.75

2.3.81

2.3.77

2.3.72

2.3.71

2.2.51

2.2.50

2.1.113

2.0.12

2.0.1

2.0.0-rc.17

2.0.0-rc.1

2.0.0-beta.303

2.0.0-beta.275

2.0.0-beta.268

2.0.0-beta.267

2.0.0-beta.241

2.0.0-beta.230

2.0.0-beta.208

2.0.0-beta.203

2.0.0-beta.180

2.0.0-beta.174

2.0.0-beta.148

2.0.0-beta.147

2.0.0-beta.115

2.0.0-beta.91

2.0.0-beta.84

2.0.0-beta.68

2.0.0-beta.42

2.0.0-beta.11

v1.0.102

v1.0.78

v1.0.76

v1.0.68

v1.0.66

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.1

v1.0.0-beta.13

v1.0.0-beta.12

v1.0.0-beta.11

v1.0.0-beta.10

v1.0.0-beta.9

v1.0.0-beta.8

v1.0.0-beta.7

v1.0.0-beta.6

v1.0-beta.5

v1.0-beta.4

v1.0-beta.3

v1.0-beta.2

v1.0-beta.1

v1.0-alpha.7

v1.0-alpha.6

v1.0-alpha.5

v1.0-alpha.4

v1.0-alpha.3

v1.0-alpha.2

v1.0-alpha.1

Labels

Clear labels   

BETA

  

BETA

  

accessibility

  

backlog

  

bug

  

can't replicate

  

contrib-easy

  

contrib-hard

  

contrib-medium

  

deferred

  

documentation

  

duplicate

  

duplicate

  

editors

  

enhancement

  

invalid

  

localization

  

migrate

  

ui

  

under review

  

v3

No labels

BETA

BETA

accessibility

backlog

bug

can't replicate

contrib-easy

contrib-hard

contrib-medium

deferred

documentation

duplicate

duplicate

editors

enhancement

invalid

localization

migrate

ui

under review

v3

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/wiki-requarks#1349

No description provided.