After lots of research in this list, we managed to add a Keycloak login to Mailman 3.

    MAILMAN_WEB_SOCIAL_AUTH = ["allauth.socialaccount.providers.keycloak"]
    # OIDC_CREATE_USER = False
    SOCIALACCOUNT_PROVIDERS = {
        'keycloak': {
            'KEYCLOAK_URL': 'https://keycloak.my.domain',
            'KEYCLOAK_REALM': 'nct'
            # 'SCOPE': ['profile', 'email', 'preferred_username'],
        }
    }

and some entries in https://mailman.my.domain/admin/socialaccount/socialapp
This works perfectly for non-existing users/emails. They are created and they are able to subscribe to lists. But, when a user already exists, this does not work; the user gets a password reset email like "...an account using that email address already exists. In case you have forgotten about this, please use the password forgotten procedure to recover your account:..." Which kind of setting/tweak is needed to associate social login accounts to existing mail addresses?