I ran into one issue when trying the above suggestion. After syncing with Keycloak, it is creating one more entry in the USER table, i.e. there are two entries with the same email ID (firstname.lastname@example.org). So I am getting the error below:
javax.persistence.NonUniqueResultException: result returns more than one elements
To avoid this problem, I was trying the approach above.
Hmm... the admin user always needs to be created in APS. In the case of LDAP sync, that didn't cause any issues. I guess that you shouldn't create that user in Keycloak. You can set another user to have super admin permissions.
Actually, we have one app in production which was deployed in the admin user (email@example.com). Now the client wants multiple AD support for our application, so we are going with the Keycloak approach. I am planning to sync all the users except the admin user from Keycloak. Is that a correct approach? Can you please suggest what kind of approach I have to follow?