<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML - vooraf opgemaakt Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.E-mailStijl17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.HTML-voorafopgemaaktChar
        {mso-style-name:"HTML - vooraf opgemaakt Char";
        mso-style-priority:99;
        mso-style-link:"HTML - vooraf opgemaakt";
        font-family:"Courier New";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello, <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My name is Erwin, and I’ve got a question regarding the Kerberos authorization.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We want to use Keycloak for a project where we need to let people log in through Kerberos.<o:p></o:p></p>
<p class="MsoNormal">The user federation providers are only sortable by priority but we’ll probably get 20 or more providers for this application.
<o:p></o:p></p>
<p class="MsoNormal">Now we want to filter based on the realm the user is in. I’ve tried a few things and I saw it was possible to decrypt the Kerberos token with base64.
<o:p></o:p></p>
<p class="MsoNormal">After that it was possible to add something like the following on line 430 of file
<o:p></o:p></p>
<p class="MsoNormal" style="background:#2D2D2D"><span style="font-size:9.0pt;font-family:'Courier New';color:#FFCC66">String
</span><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">decodedToken
</span><span style="font-size:9.0pt;font-family:'Courier New';color:#66CCCC">= </span>
<b><span style="font-size:9.0pt;font-family:'Courier New';color:#CC99CC">new </span>
</b><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">String(</span><span style="font-size:9.0pt;font-family:'Courier New';color:#FFCC66">Base64</span><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">.</span><i><span style="font-size:9.0pt;font-family:'Courier New';color:#6699CC">decode</span></i><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">(spnegoToken));<br>
</span><b><span style="font-size:9.0pt;font-family:'Courier New';color:#CC99CC">if</span></b><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">(</span><span style="font-size:9.0pt;font-family:'Courier New';color:#66CCCC">!</span><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">decodedToken.</span><span style="font-size:9.0pt;font-family:'Courier New';color:#6699CC">contains</span><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">(</span><b><span style="font-size:9.0pt;font-family:'Courier New';color:#6699CC">kerberosConfig</span></b><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">.</span><span style="font-size:9.0pt;font-family:'Courier New';color:#6699CC">getKerberosRealm</span><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">()))<br>
{<br>
</span><b><span style="font-size:9.0pt;font-family:'Courier New';color:#CC99CC">return
</span></b><span style="font-size:9.0pt;font-family:'Courier New';color:#FFCC66">CredentialValidationOutput</span><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">.</span><i><span style="font-size:9.0pt;font-family:'Courier New';color:#6699CC">failed</span></i><span style="font-size:9.0pt;font-family:'Courier New';color:#CCCCCC">();<br>
}<o:p></o:p></span></p>
<p class="MsoNormal">This way the token won’t be validated against the Kerberos server that isn’t configured for the specific realm.<o:p></o:p></p>
<p class="MsoNormal">I’m not too familiar with the whole Kerberos token, so I don’t know if this will work in all situations.
<o:p></o:p></p>
<p class="MsoNormal">Can someone tell me if this is the “correct” way of doing this, or is there some other way I haven’t seen yet?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance,<o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="501" style="width:375.85pt;background:white">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in"></td>
<td width="123" style="width:92.25pt;padding:0in 0in 0in 0in">
<p class="MsoNormal"> <o:p></o:p></p>
</td>
</tr>
<tr style="height:75.0pt">
<td width="378" style="width:283.6pt;background:transparent;padding:0in 0in 0in 0in;height:75.0pt">
<p class="MsoNormal"><span lang="NL" style="font-size:16.0pt;color:#03295A">Erwin Oldenkamp<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="NL" style="font-size:10.0pt;color:#03295A"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#03295A"><img width="9" height="9" id="Afbeelding_x0020_1" src="cid:image001.jpg@01D1949A.762BEE40" alt="http://www.topicusfinance.com/mailsignature/images/phone.png"></span><span lang="NL" style="font-size:10.0pt;color:#03295A"> +31(0)88
77 88 990<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#03295A"><img width="9" height="9" id="Afbeelding_x0020_2" src="cid:image002.jpg@01D1949A.762BEE40" alt="http://www.topicusfinance.com/mailsignature/images/email.png"></span><span lang="NL" style="font-size:10.0pt;color:#03295A"> </span><span style="font-size:10.0pt;color:#03295A;mso-fareast-language:NL"><a href="mailto:erwin.oldenkamp@topicus.nl"><span lang="NL" style="color:#0563C1">erwin.oldenkamp@topicus.nl</span></a></span><span lang="NL" style="font-size:10.0pt;color:#03295A"><o:p></o:p></span></p>
</td>
<td width="123" style="width:92.25pt;background:transparent;padding:0in 0in 0in 0in;height:75.0pt">
<p class="MsoNormal"><a href="http://www.topicusfinance.com/"><span style="font-size:13.5pt;color:blue;text-decoration:none"><img border="0" width="122" height="36" id="Afbeelding_x0020_3" src="cid:image003.jpg@01D1949A.762BEE40" alt="http://www.topicusfinance.com/mailsignature/images/logo.png"></span></a><span style="font-size:13.5pt;color:#03295A"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#03295A">Koggelaan 3-A<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#03295A">8017 JH Zwolle<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
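<p class="MsoNormal">Added example, not part of the original message and not Keycloak code: instead of substring-matching the Base64-decoded bytes, this sketch walks the DER structure of the Kerberos AP-REQ carried in the SPNEGO token and returns the cleartext realm field of the ticket (RFC 4120). The class and method names are hypothetical, the sample token is constructed and cut off after the realm field, and <code>HexFormat</code> assumes Java 17 or later.<o:p></o:p></p>

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.HexFormat;

public class SpnegoTicketRealm { // hypothetical helper, not a Keycloak class
    // DER of OID 1.2.840.113554.1.2.2 (Kerberos V5) followed by TOK_ID 01 00 (AP-REQ).
    private static final byte[] KRB5_AP_REQ = HexFormat.of().parseHex("06092a864886f7120102020100");
    private final byte[] b;
    private int pos;
    private SpnegoTicketRealm(byte[] b, int pos) { this.b = b; this.pos = pos; }
    // Consume one DER tag and length, check the tag, return the content length.
    private int header(int tag) {
        if ((b[pos++] & 0xFF) != tag) throw new IllegalArgumentException("unexpected tag");
        int len = b[pos++] & 0xFF;
        if (len > 0x7F) { // long form: low 7 bits give the number of length bytes
            int n = len & 0x7F;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) len = (len << 8) | (b[pos++] & 0xFF);
        }
        if (len > b.length - pos) throw new IllegalArgumentException("length past end");
        return len;
    }
    // Skip sibling fields until the wanted context tag, then step inside it.
    private void enter(int tag) {
        while ((b[pos] & 0xFF) != tag) { int len = header(b[pos] & 0xFF); pos += len; }
        header(tag);
    }
    // Returns the cleartext Ticket.realm, or null if no parsable Kerberos AP-REQ is found.
    public static String ticketRealm(String base64Token) {
        try {
            byte[] raw = Base64.getDecoder().decode(base64Token);
            int at = 0; // locate the Kerberos mechanism token inside the SPNEGO wrapper
            while (!Arrays.equals(raw, at, at + KRB5_AP_REQ.length, KRB5_AP_REQ, 0, KRB5_AP_REQ.length)) at++;
            SpnegoTicketRealm p = new SpnegoTicketRealm(raw, at + KRB5_AP_REQ.length);
            p.header(0x6E); p.header(0x30); // AP-REQ ::= [APPLICATION 14] SEQUENCE
            p.enter(0xA3);                  // ticket [3]
            p.header(0x61); p.header(0x30); // Ticket ::= [APPLICATION 1] SEQUENCE
            p.enter(0xA1);                  // realm [1]
            int len = p.header(0x1B);       // GeneralString
            return new String(raw, p.pos, len, StandardCharsets.US_ASCII);
        } catch (RuntimeException e) { return null; } // bad Base64, wrong tag or truncated input
    }
    public static void main(String[] args) {
        // Constructed sample: Kerberos GSS token truncated after Ticket.realm ("EXAMPLE.COM").
        byte[] sample = HexFormat.of().parseHex("603e" + "06092a864886f7120102020100" + "6e2f302d"
                + "a003020105a10302010ea20703050000000000" + "a31861163014a003020105a10d1b0b4558414d504c452e434f4d");
        System.out.println(ticketRealm(Base64.getEncoder().encodeToString(sample)));
    }
}
```

<p class="MsoNormal">The realm read this way is the realm of the service principal the ticket was issued for; the client's realm sits in the encrypted part and can differ when cross-realm trust is in use. The field is also unauthenticated until the ticket has been decrypted with the keytab, so it is suitable for choosing which provider to try, not for an access decision.<o:p></o:p></p>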
</div>
</body>
</html>