Keycloak SSO - how to map only existing Keycloak users to Nextcloud users without creating new

Hi, I would like to use Keycloak as SSO provider fo Nextcloud 18.

I followed the instructions:

I have installed Social Login app

I do not want to auto-create users in nextcloud after they login using SSO. I just want to allow existing Nextcloud users to login via SSO using OpenID connect protocol.
Users in Keycloak and Nextcloud have the same login name and email. I also want to solve permissions and user groups in Nextcloud, not map it from Keycloak.

In social login app I have checked “Disable auto create new users”.

After I try to login using keycloak, I got following error: “Auto creating new users is disabled” and login fails. But user with the same login name exists in Nextcloud and Keycloak.

I need to keep the possibility of logging in with the local Nexcloud account without using SSO.

What I do bad?
Is it necessary to set Mappers in Keycloak client? But how? I tried everything possible, but still without success.
I think I need to set up login and email mapping.

Thanks for help.

the author of sociallogin app refuses to “auto-link” existing users to oidc providers (with reasons - I don’t agree but the reasons are reasonable)

Is it possible to manually link existing users to the keycloak instance?

yes. each user can login into Nextcloud and link his account to different providers from sociallogin