Steffen Zieger

Let me phrase it differently: I'd like to have multiple SCIM Clients, each of them with a different set of users, limited by e.g. a role specific to a client....

It's hard for me to wrap my head around that. I thought `externalId` is meant to be provided by the SCIM client (keycloak, in this case) and identifies a user....

Checking scim.cloud and the rfc, it seems as I'm right about the externalID being an identifier from the scim client. I don't want to be annoying on this topic, but...

The externalID is defined by the scim client (keycloak or your plugin) not the CSP (e.g. bitwarden). Otherwise, it won't be possible to have an externalID set while creating a...

This information isn't correct. Please see the description of `id` and `externalId` in the `Common Attributes` section of [RFC7643](https://datatracker.ietf.org/doc/html/rfc7643#section-3.1).

Even if you want to store the remote id, this would just require a table with `service_provider_id`, `service_provider_uid` and `keycloak_uid` to get a proper mapping, as this is only required...

:+1: I'd be happy to see this in the future, if possible. :) For anybody reading through all comments (and it might also help you), there's another plugin https://github.com/mitodl/keycloak-scim which...

Fixes #161

Stopping apparmor and disabling the service wasn't fixing it for me. Adding `sudo aa-teardown` helped. ``` sudo aa-teardown || true sudo systemctl disable --now apparmor.service ``` Note: there's [a bug](https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2093797)...

@hartwork `systemctl disable --now` will stop and disable the service. Without `aa-teardown` apparmor profiles are still loaded and it's not working as before.