Creating group aliases does not create them

Hey,

I’m currently testing Vault and learning to set up a working environment in Kubernetes/Minikube with a proper configuration and integration with a Keycloak IDP.

I currently do not quite understand why, when I try to create two group aliases, only one of them is actually created, usually the later one.

I did try to use distinct alias names, but it led to the same problem.

Here is a reference to what I do in order to create my environment:

Hey @jxsl13,

According to the documentation, external groups may only have one alias: Identity - Secrets Engines | Vault by HashiCorp

I ran into a similar issue and ended up creating two Identity groups - one for OIDC and one for JWT and associating the corresponding alias to the appropriate group.

Alternatively, I believe you can create an internal group that has both external groups as members and apply multiple aliases to the internal group.

In my case our coexistence is going to be short-lived, so we didn’t want to introduce the complexity.

Jeff

2 Likes
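The two-group workaround from the reply above, as an added example (not code from the thread or from HashiCorp): one external group per auth mount with a single alias each, and, going one step further, both nested in an internal group that carries the policy. Assumed here: auth mounts at `oidc/` and `jwt/`, an IdP group named `vault-admins`, a policy named `admin`, and that none of the groups exist yet.

```shell
#!/usr/bin/env bash
# Added example: one external group per auth mount (one alias each),
# both nested in an internal group that carries the policy.
set -eu

# Accessor of an auth mount, read from the "Path Type Accessor ..." table.
mount_accessor() {
  vault auth list | awk -v m="$1" '$1 == m { print $3 }'
}

# Create an external group and bind its single alias.
# $1 = Vault group name, $2 = group name as sent by the IdP, $3 = auth mount path
external_group() {
  local gid acc
  acc=$(mount_accessor "$3")
  [ -n "$acc" ] || { echo "auth mount $3 not found" >&2; return 1; }
  gid=$(vault write -field=id identity/group name="$1" type=external)
  vault write identity/group-alias name="$2" \
    mount_accessor="$acc" canonical_id="$gid" >/dev/null
  echo "$gid"
}

# $1 = IdP group name, $2 = policy. Prints the internal group's ID.
link_idp_group() {
  local oidc_gid jwt_gid
  oidc_gid=$(external_group "$1-oidc" "$1" "oidc/")
  jwt_gid=$(external_group "$1-jwt" "$1" "jwt/")
  vault write -field=id identity/group name="$1" type=internal \
    policies="$2" member_group_ids="$oidc_gid,$jwt_gid"
}

# Usage: ./link-groups.sh vault-admins admin   (constructed names)
if [ "$#" -eq 2 ]; then
  link_idp_group "$1" "$2"
fi
```

The same alias name is used on both mounts; each alias is bound to its own mount accessor and its own external group, so neither replaces the other.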

Thanks for the reply.