[keycloak-user] Specifying LDAP/AD domain in token endpoint

Ajinkya Thakare Ajinkya.Thakare at veritas.com
Tue Sep 10 19:32:07 EDT 2019


Hi team,

Is there any way for the user to specify which LDAP/AD domain to point to while logging in, i.e. while using the token endpoint?

The scenario is for a multi-tenant environment, where the same username can be a part of multiple LDAP/AD domains but with different authorization roles set up in each. Here we don’t want our Keycloak instance to sequentially check every LDAP/AD configuration added, like it does now, but rather validate the credentials in only the specified domain.

Also, if there are different passwords in different domains for the same username, the Keycloak instance returns an invalid credential error if the user provides the password for a later LDAP/AD config. In this case, an ability to specify the domain will really be helpful.

Example:

Suppose the username ‘athakare’ is a part of two different domains – ‘domain1’ & ‘domain2’ – with different passwords. It would be easier if the user could specify something like ‘athakare at domain1’ as his username while logging in.

Please let me know if this is already possible in any way using Keycloak. Thanks!

Regards,
Ajinkya Thakare
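As an added illustration (not code from the post or from Keycloak), the following Python model contrasts the two lookup strategies the message describes: a sequential walk over federation providers, where the first provider that knows the username answers and a password belonging to a later domain is rejected, versus a domain-qualified username that routes the check to exactly one directory. The directory contents, the provider order and the ‘user@domain’ syntax are constructed assumptions for the model.

```python
import hmac

# Constructed directory data: the same username exists in both domains
# with different passwords, as in the scenario described in the post.
DIRECTORIES = {
    "domain1": {"athakare": "password-one"},
    "domain2": {"athakare": "password-two"},
}

# Assumed provider order, i.e. the order in which federation configs are consulted.
FEDERATION_ORDER = ["domain1", "domain2"]


def _check(domain, user, password):
    """Return (domain, ok). Constant-time compare so the model does not leak
    which characters matched; the domain is returned for auditing/logging."""
    stored = DIRECTORIES[domain].get(user)
    if stored is None:
        return domain, False
    return domain, hmac.compare_digest(stored, password)


def sequential_login(username, password):
    """Model of the behaviour the post describes: the first provider that knows
    the username answers, so a password valid only in a later domain fails."""
    for domain in FEDERATION_ORDER:
        if username in DIRECTORIES[domain]:
            return _check(domain, username, password)
    return None, False


def parse_qualified(username):
    """Split 'user@domain' into (user, domain); plain usernames get domain None.
    rsplit keeps any '@' inside the user part intact."""
    if "@" in username:
        user, domain = username.rsplit("@", 1)
        return user, domain
    return username, None


def domain_scoped_login(username, password):
    """Model of the requested behaviour: a qualified username is checked only
    against the named domain; an unknown domain is refused outright, and an
    unqualified username falls back to the sequential walk."""
    user, domain = parse_qualified(username)
    if domain is None:
        return sequential_login(user, password)
    if domain not in DIRECTORIES:
        return None, False
    return _check(domain, user, password)


if __name__ == "__main__":
    print(sequential_login("athakare", "password-two"))          # ('domain1', False)
    print(domain_scoped_login("athakare@domain2", "password-two"))  # ('domain2', True)
    print(domain_scoped_login("athakare@domain9", "password-two"))  # (None, False)
```

The point of returning the domain alongside the result is that an authentication log can record which directory actually rejected or accepted the credential; with the sequential model, a failure for ‘athakare’ would otherwise be indistinguishable from a wrong password in domain1.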

