[keycloak-user] Two level authentication in Keycloak.
Marek Posolda
mposolda at redhat.com
Tue Aug 18 04:39:33 EDT 2015
Hi,

this is available through the UserFederation SPI, which is documented at
http://keycloak.github.io/docs/userguide/html/user_federation.html and
there is also an example for it in the examples distro (a simple federation
provider implementation based on a properties file).

Federation works in a way that you can have more federation providers
configured per realm. So it's not a problem to configure the LDAP federation
provider (available in Keycloak by default) and your federation provider
(which you will need to implement).

But ATM each user is linked to just 1 federation provider. So if your
user is found in LDAP, his password will be verified against LDAP.
Otherwise, if he is in your DB, his password will be validated against
this DB as a fallback. As a last fallback, if the user is linked neither
to LDAP nor to your DB, his password will be validated against the local
Keycloak DB.

Marek
On 17.8.2015 at 16:25, Bhanu Kiran wrote:
> Hi Team,
>
>
> Please let me know how we can implement the requirement below.
>
> 1. Two level authentication in Keycloak.
>
>      * In the first level, authenticate the user with LDAP and, if
>        validation fails, authenticate the same user with the configured
>        DB. Does Keycloak support this feature, or how do we have to
>        implement this multi-level authentication?
>
> I was able to configure LDAP with my Keycloak server and validate
> users. But I was not able to find any example of how to configure an
> external DB to authenticate users.
>
> Please let me know how to configure an external DB.
>
> Thanks,
> Bhanu
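
Added example, not part of the original thread and not Keycloak code: a simplified Java model of the lookup order described in the reply (LDAP, then the custom DB, then the local Keycloak DB), with each user linked to exactly one store so that a password is only ever checked against that store. The `CredentialStore` and `MapStore` types and all sample users are hypothetical and constructed for illustration; they are not the UserFederation SPI.

```java
import java.util.*;

// Simplified model of the routing described in the reply above. These types
// are hypothetical and are NOT Keycloak's UserFederation SPI.
public class FederationRoutingDemo {

    /** A credential store: knows which users it holds and can check a password. */
    interface CredentialStore {
        boolean hasUser(String username);
        boolean validate(String username, String password);
    }

    /** In-memory store over constructed sample data (plaintext only for the demo). */
    record MapStore(String name, Map<String, String> users) implements CredentialStore {
        public boolean hasUser(String u) { return users.containsKey(u); }
        public boolean validate(String u, String p) { return p.equals(users.get(u)); }
    }

    private final List<CredentialStore> providers;  // federation providers, in priority order
    private final CredentialStore local;            // local DB, the last fallback
    private final Map<String, CredentialStore> links = new HashMap<>();

    FederationRoutingDemo(List<CredentialStore> providers, CredentialStore local) {
        this.providers = providers;
        this.local = local;
    }

    /** Link the user to the first provider that knows them, else to the local store. */
    CredentialStore resolve(String username) {
        return links.computeIfAbsent(username, u -> providers.stream()
                .filter(p -> p.hasUser(u)).findFirst().orElse(local));
    }

    /** The password is checked only against the single store the user is linked to. */
    boolean authenticate(String username, String password) {
        return resolve(username).validate(username, password);
    }

    public static void main(String[] args) {
        var ldap = new MapStore("ldap", Map.of("alice", "ldap-pw"));
        var db = new MapStore("custom-db", Map.of("alice", "db-pw", "bob", "db-pw"));
        var local = new MapStore("local", Map.of("carol", "local-pw"));
        var realm = new FederationRoutingDemo(List.of(ldap, db), local);
        System.out.println(realm.authenticate("alice", "ldap-pw"));  // alice is linked to ldap
        System.out.println(realm.authenticate("alice", "db-pw"));    // custom-db is never consulted for alice
        System.out.println(realm.authenticate("bob", "db-pw"));      // bob is not in ldap, linked to custom-db
        System.out.println(realm.authenticate("carol", "local-pw")); // carol is in neither, local store is used
    }
}
```

In this model a user who exists in LDAP is never validated against the second store, which differs from the "try LDAP, then retry the same user against the DB" behaviour asked for in the original question.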