diff --git a/saml-core/src/main/java/org/keycloak/rotation/HardcodedKeyLocator.java b/saml-core/src/main/java/org/keycloak/rotation/HardcodedKeyLocator.java
index c7797ec5f5..74bfa1f18d 100644
--- a/saml-core/src/main/java/org/keycloak/rotation/HardcodedKeyLocator.java
+++ b/saml-core/src/main/java/org/keycloak/rotation/HardcodedKeyLocator.java
@@ -46,14 +46,14 @@ public class HardcodedKeyLocator implements KeyLocator, Iterable<Key> {
         Objects.requireNonNull(keys, "Keys must not be null");
         this.byName = Collections.emptyMap();
         this.byKey = Collections.unmodifiableMap(keys.stream().collect(
-                Collectors.toMap(k -> new KeyHash(k), k -> k)));
+                Collectors.toMap(k -> new KeyHash(k), k -> k, (k1, k2) -> k1)));
     }
 
     public HardcodedKeyLocator(Map<String, ? extends Key> keys) {
         Objects.requireNonNull(keys, "Keys must not be null");
         this.byName = Collections.unmodifiableMap(keys);
         this.byKey = Collections.unmodifiableMap(keys.values().stream().collect(
-                Collectors.toMap(k -> new KeyHash(k), k -> k)));
+                Collectors.toMap(k -> new KeyHash(k), k -> k, (k1, k2) -> k1)));
     }
 
     @Override
diff --git a/saml-core/src/test/java/org/keycloak/rotation/HardcodedKeyLocatorTest.java b/saml-core/src/test/java/org/keycloak/rotation/HardcodedKeyLocatorTest.java
index aaaa935cf3..3ea6c21f73 100644
--- a/saml-core/src/test/java/org/keycloak/rotation/HardcodedKeyLocatorTest.java
+++ b/saml-core/src/test/java/org/keycloak/rotation/HardcodedKeyLocatorTest.java
@@ -139,4 +139,13 @@ public class HardcodedKeyLocatorTest {
         Assert.assertNotNull(found);
         Assert.assertEquals(cert1.getPublicKey(), found);
     }
+
+    @Test
+    public void testDuplicateKey() throws Exception {
+        KeyLocator locator = createLocatorWithoutName(cert1, cert1);
+        KeyInfo info = XMLSignatureUtil.createKeyInfo(null, null, cert1);
+        Key found = locator.getKey(info);
+        Assert.assertNotNull(found);
+        Assert.assertEquals(cert1.getPublicKey(), found);
+    }
 }