[keycloak-dev] Is it possible to combine Kerberos authentication with an User Federation Provider?
Vito Vessia
vvessia at katamail.com
Sat Sep 12 10:30:07 EDT 2015
Hi all,
I've a legacy solution that uses its own users (included the password) and
roles database, so due to the migration to Keycloack I've written a User
Federation Provider. Optionally some users may use their Active Directory
credentials to log in on the realm and my User Federation Provider is able
to manage both cases. So I don't use the official LDAP User Federation
Provider provided by Keycloack. I'd like to offer to users mapped on LDAP
the Kerberos authentication. Is it possible to create a similar login
pipeline:
1) The User Kerberos token is valid, so Keycloack grabs it and then calls
my User Federation Provider passing it the username that comes from
Kerberos;
2) OR, the User Kerberos token is NOT valid, so Keycloack shows the login
page to the user and then passes the credentials to my User Federation
Provider.
Thank you in advance,
--Vito
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150912/3e1e828d/attachment-0001.html
More information about the keycloak-dev
mailing list