[keycloak-user] [EXTERNAL] Specifying LDAP/AD domain in token endpoint
Ajinkya Thakare
Ajinkya.Thakare at veritas.com
Tue Sep 17 13:26:03 EDT 2019
Hi team,
Can someone update on this please?
Regards,
Ajinkya Thakare
On 9/10/19, 4:33 PM, "keycloak-user-bounces at lists.jboss.org on behalf of Ajinkya Thakare" <keycloak-user-bounces at lists.jboss.org on behalf of Ajinkya.Thakare at veritas.com> wrote:
Hi team,
Is there any way for the user to specify which LDAP/AD domain to point to while logging in, i.e. while using the token endpoint?
The scenario is for a multi-tenant environment, where the same username can be a part of multiple LDAP/AD domains but with different authorization roles set up in each. Here we don’t want our Keycloak instance to sequentially check every LDAP/AD configuration added, like it does now, but rather to validate the credentials in only the specified domain.
Also, if there are different passwords in different domains for the same username, the Keycloak instance returns an invalid credential error if the user provides the password for a later LDAP/AD config. In this case, an ability to specify the domain would be really helpful.
Example:
Suppose username ‘athakare’ is a part of two different domains – ‘domain1’ & ‘domain2’, with different passwords, it would be easier if the user can specify something like ‘athakare at domain1’ as his username while logging in.
Please let me know if this is already possible in any way using Keycloak. Thanks!
Regards,
Ajinkya Thakare