<div dir="ltr"><div><span style="font-size:12.8000001907349px">> This prompt is displayed when you display keycloak login screen in the browser?</span><br></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Yes (on Windows anyway, not on a Mac). You can cancel it and log as as you would normally with the Keycloak form.</span></div><div><br></div><div>> <span style="font-size:12.8000001907349px"> </span><span style="font-size:12.8000001907349px">Can you doublecheck that your user federation has "Allow kerberos login" switched to off and there is no "Kerberos" credential in required realm credentials?</span></div><div><br></div><div>This is a screenshot of the config.</div><div><br></div><div>I did play around with kerberos authentication, but it is definitely turned off now.</div><div><br></div><img src="cid:ii_iaipy2ne0_14dc08ffc89853d6" width="551" height="421"><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 4, 2015 at 6:42 PM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<div>On 4.6.2015 01:33, Matthew Casperson
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>We authenticate against a Windows domain using LDAP (and
not using Kerberos).</div>
<div><br>
</div>
<div>In KeyCloak 1.2.0, this prompt now appears when users are
asked to log in. The problem is that this prompt automatically
appends the domain to the username, and I can't see any LDAP
property that accepts the domain name.</div>
<div><br>
</div>
<div>We use the sAMAccountName property, which does not include
the domain, and looking at <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/ms677605%28v=vs.85%29.aspx" target="_blank">https://msdn.microsoft.com/en-us/library/windows/desktop/ms677605(v=vs.85).aspx</a>
I don't see any other property that will work with this
prompt.</div>
<div><br>
</div>
<div>We might be able to use userPrincipalName, but none of our
users have any experience logging in with an email address,
and I'd like to avoid the training overhead of this if
possible.</div>
<div><br>
</div>
<div>So my questions are:</div>
<div>1. Can I disable this prompt and use the standard keycloak
form based login?</div>
</div>
</blockquote></span>
This prompt is displayed when you display keycloak login screen in
the browser? Can you doublecheck that your user federation has
"Allow kerberos login" switched to off and there is no "Kerberos"
credential in required realm credentials?<br>
<br>
Marek<br>
<blockquote type="cite"><span class="">
<div dir="ltr">
<div>2. Is there an LDAP field that I can define in the keycloak
LDAP federation config that will accept a domain as part of
the username?</div>
<div><br>
</div>
<img src="cid:part2.00090508.07080505@redhat.com" height="240" width="434"><br>
<br clear="all">
<div><br>
</div>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div><b><font face="tahoma, sans-serif">Matthew
Casperson</font></b></div>
<div><b><font face="tahoma, sans-serif">Senior Front End
Developer</font></b></div>
<div><font face="tahoma, sans-serif">Technology, Space
& Distribution</font></div>
<div><font face="tahoma, sans-serif">Auto & General
Holdings Pty Ltd</font></div>
<div><font face="tahoma, sans-serif">P: 07) 3377 </font><span style="font-family:tahoma,sans-serif;font-size:small">8751</span><font face="tahoma, sans-serif"> (Direct: 3377 </font><span style="font-family:tahoma,sans-serif;font-size:small">8751</span><font face="tahoma, sans-serif">)</font></div>
<div><font face="tahoma, sans-serif">F: 07) 3377 8833<br>
<br>
</font></div>
<img src="https://sites.google.com/a/autogeneral.com.au/logos/_/rsrc/1375661597693/home/autogeneral.gif" style="border:0px none;max-width:100%;font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;line-height:18px"><br>
</div>
</div>
</div>
</div>
</div>
<br>
</span><pre style="font-family:Menlo,Monaco,'Courier New',monospace;font-size:12px;white-space:pre-wrap;padding:8.5px;color:rgb(51,51,51);border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:4px;margin-top:0px;margin-bottom:9px;line-height:18px;background-color:rgb(245,245,245);border:1px solid rgba(0,0,0,0.14902);word-break:break-all;word-wrap:break-word">This email is sent by Auto & General Insurance Company Ltd, Auto & General Services Pty Ltd, Auto & General Holdings Pty Ltd or a related body corporate (Auto & General) and is for the intended addressee.
The views expressed in this email and attachments (email) reflect the views of the stated author but may not reflect views of Auto & General. This email is confidential and subject to copyright.
It may be privileged. If you are not the intended addressee, confidentiality and privilege have not been waived and any use, interference with, or disclosure of this email is unauthorised.
If you are not the intended addressee please immediately notify the sender and then delete the email. Auto & General does not warrant that this email is error or virus free.</pre>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><b><font face="tahoma, sans-serif">Matthew Casperson</font></b></div><div><b><font face="tahoma, sans-serif">Senior Front End Developer</font></b></div><div><font face="tahoma, sans-serif">Technology, Space & Distribution</font></div><div><font face="tahoma, sans-serif">Auto & General Holdings Pty Ltd</font></div><div><font face="tahoma, sans-serif">P: 07) 3377 </font><span style="font-family:tahoma,sans-serif;font-size:small">8751</span><font face="tahoma, sans-serif"> (Direct: 3377 </font><span style="font-family:tahoma,sans-serif;font-size:small">8751</span><font face="tahoma, sans-serif">)</font></div><div><font face="tahoma, sans-serif">F: 07) 3377 8833<br><br></font></div><img src="https://sites.google.com/a/autogeneral.com.au/logos/_/rsrc/1375661597693/home/autogeneral.gif" style="border:0px none;max-width:100%;font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;line-height:18px"><br></div></div></div></div>
</div>
<br>
<pre style="font-family:Menlo,Monaco,'Courier New',monospace;font-size:12px;white-space:pre-wrap;padding:8.5px;color:rgb(51,51,51);border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:4px;margin-top:0px;margin-bottom:9px;line-height:18px;background-color:rgb(245,245,245);border:1px solid rgba(0,0,0,0.14902);word-break:break-all;word-wrap:break-word">This email is sent by Auto & General Insurance Company Ltd, Auto & General Services Pty Ltd, Auto & General Holdings Pty Ltd or a related body corporate (Auto & General) and is for the intended addressee.
The views expressed in this email and attachments (email) reflect the views of the stated author but may not reflect views of Auto & General. This email is confidential and subject to copyright.
It may be privileged. If you are not the intended addressee, confidentiality and privilege have not been waived and any use, interference with, or disclosure of this email is unauthorised.
If you are not the intended addressee please immediately notify the sender and then delete the email. Auto & General does not warrant that this email is error or virus free.</pre>