<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
this is available through UserFederation SPI, which is documented
<a class="moz-txt-link-freetext"
href="http://keycloak.github.io/docs/userguide/html/user_federation.html">http://keycloak.github.io/docs/userguide/html/user_federation.html</a>
and there is also example for it in the examples distro (simple
federation provider implementation based on properties file)<br>
<br>
Federation works in a way that you can have more federation
providers configured per realm. So it's not a problem to configure
LDAP federation provider (available in Keycloak by default) and
your federation provider (which you will need to implement). <br>
<br>
But ATM each user is linked just to 1 federation provider. So if
your user is found in LDAP, his password will be verified against
LDAP. Otherwise if he is in your DB, his password will be
validated against this DB as fallback. As last fallback, if user
is not linked to LDAP neither to your DB, his password will be
validated against local Keycloak DB.<br>
<br>
Marek<br>
<br>
Dne 17.8.2015 v 16:25 Bhanu Kiran napsal(a):<br>
</div>
<blockquote
cite="mid:CAJT7oPH-KhQvcfGDSZSRZgHe_h=ruDPtgHFXw8DktDGCO7tycQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hi Team,</div>
<div><br>
</div>
<div><br>
</div>
<div>Please let me know how we can implement below requirement.</div>
<div><br>
</div>
<div><font color="#000000" face="Times New Roman" size="3">
</font></div>
<p style="margin:0in 0in 0pt"><font color="#000000"
face="Calibri" size="3">1. Two level authentication in
Keycloak.</font><font color="#000000" face="Calibri"
size="3"> </font></p>
<div><font color="#000000" face="Times New Roman" size="3">
</font></div>
<ul style="list-style-type:disc;direction:ltr">
<li style="font-style:normal;font-weight:normal">
<p
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt">In
first level authenticate user with Ldap and
if validation fails authenticate same user with
configured DB. Does
Keycloak support this feature or how we have to implement
this multi-level
authentication.</p>
</li>
</ul>
<div
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt">I
was able to configure ldap with my keycloak server and
validate users. But I was not able to find any example how to
configure external DB to authenticate users.</div>
<div
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt"><br>
</div>
<div
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt">Please
let me hot to configure external DB.</div>
<div
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt"><br>
</div>
<div
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt">Thanks,</div>
<div
style="font-style:normal;font-weight:normal;margin-top:0in;margin-bottom:0pt">Bhanu</div>
<div><font color="#000000" face="Times New Roman" size="3">
</font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>