[keycloak-user] 1 realm multiple ldap providers with username collisions

Kevin Berendsen kevin.berendsen at pharmapartners.nl
Mon Sep 4 11:00:10 EDT 2017


Hi Wim,

One solution that used to work for us in the past as a POC was to create the following items:
* User storage provider extending the internal LDAP user storage provider to add a prefix to the username upon synchronization. It's not pretty but it works.
* Authenticator that'd generate a list of providers upon login. The user would then need to fill in the username, password and select the provider. The authenticator will prepend the prefix to the username based on the selected provider from the login page and attempt to authenticate the user then.

We had no trouble synchronizing users and authentication went smoothly, BUT the use of the internal Keycloak API may wreck your custom modules. So I'd recommend sticking to two realms. IF it's possible, I'd merge the two LDAPs.

> -----Original message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-
> bounces at lists.jboss.org] On behalf of Wim Vandenhaute
> Sent: Thursday 31 August 2017 16:35
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] 1 realm multiple ldap providers with username
> collisions
> 
> Hello list,
> 
> What would be the advisable way of handling the following use case:
> 
> 1 application authn using keycloak with a realm with > 1 ldap configurations
> But in 2 or more of those ldap's there are equal usernames.
> How can we for user1 make sure ldap1 is used and for user2 ldap2?
> 
> I.e. for example where we could provide a login form with the
> username/password but with an additional dropdown that has the
> configured ldap providers in it.
> 
> What would be the advisable way of handling such a situation?
> Is there any support for this that I am missing?
> Would having 2 realms be the only way to handle this right now?
> 
> p.s.
> We are developing against keycloak 2.5.5 at the moment
> 
> Kind regards,
> Wim.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
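
A sketch of the prefixing step described in the reply above, added here as an illustration and not code from the original post or from Keycloak. It is plain Java with no Keycloak classes; the class name, delimiter, provider keys and prefixes are hypothetical. It shows the two checks the login side needs: the dropdown value is matched against a server-side list, and a typed username that already contains the delimiter is rejected.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Added illustration; all names and values are hypothetical. */
public class PrefixedUsername {
    // Assumed separator between the provider prefix and the directory username.
    static final char DELIM = '/';

    // Server-side registry: dropdown key -> prefix applied at synchronization.
    // The login side must use exactly the prefixes the sync side wrote.
    private final Map<String, String> prefixByProvider = new LinkedHashMap<>();

    PrefixedUsername() {
        // Constructed sample configuration.
        prefixByProvider.put("ldap1", "corp");
        prefixByProvider.put("ldap2", "partner");
    }

    /** Keys to render in the login form dropdown. */
    Set<String> providerChoices() {
        return prefixByProvider.keySet();
    }

    /**
     * Builds the realm-wide username for a login attempt, or returns empty
     * when the request must be rejected before any credential check.
     */
    Optional<String> resolve(String selectedProvider, String typedUsername) {
        // The dropdown value comes from the browser: accept only configured keys.
        String prefix = selectedProvider == null ? null : prefixByProvider.get(selectedProvider);
        if (prefix == null || typedUsername == null) {
            return Optional.empty();
        }
        String name = typedUsername.trim();
        // A typed name that contains the delimiter would resolve outside the
        // selected provider's namespace, so it is refused.
        if (name.isEmpty() || name.indexOf(DELIM) >= 0) {
            return Optional.empty();
        }
        return Optional.of(prefix + DELIM + name);
    }

    public static void main(String[] args) {
        PrefixedUsername r = new PrefixedUsername();
        System.out.println(r.providerChoices());
        System.out.println(r.resolve("ldap1", "jdoe"));         // same name, first directory
        System.out.println(r.resolve("ldap2", "jdoe"));         // same name, second directory
        System.out.println(r.resolve("ldap3", "jdoe"));         // unknown provider key
        System.out.println(r.resolve("ldap1", "partner/jdoe")); // delimiter in typed name
    }
}
```

The synchronization side has to enforce the same rule: a directory entry whose username already contains the delimiter should be skipped or escaped, otherwise two different accounts can map to one realm username.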


