<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Right now our keycloak server was setup to do kerberos authentication with ldap as backup, so in this case, the user will get them in automatically
<o:p></o:p></p>
<p class="MsoNormal">from the company domain when they hitting the URL, we have application role definitions in the keycloak, if the user does not have the role configured
<o:p></o:p></p>
<p class="MsoNormal">then we want to logout them back to the default key cloack login page and let them try their LDAP user account.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">But because kerberos authentication is always on the top, so right after we logout the user, the kerberos will let them in automatically<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">right now we are using keycloak.logout from keycloak.js to logout user<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am wondering what is the good practice to achieve this?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any suggestions are welcome<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">thanks<o:p></o:p></p>
<p class="MsoNormal">raymond<o:p></o:p></p>
</div>
<hr>
<font face="Arial" color="Black" size-?9?="">Moneris Solutions Corporation | 3300 Bloor Street West | Toronto | Ontario | M8X 2X2 | Canada www.moneris.com 1-866-319-7450
<br>
If you wish to unsubscribe from future updates from Moneris, please click <a href="https://www.moneris.com/en/About-Moneris/Contact-Moneris/Unsubscribe.aspx">
here</a>. Please see the Moneris Privacy Policy <a href="http://www.moneris.com/Home/Legal/Website-Policies/Privacy-Policy.aspx">
here</a>. <br>
<br>
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received
this e-mail in error, please advise me (by return e-mail or otherwise) immediately.
<hr>
Corporation Solutions Moneris | 3300, rue Bloor Ouest | Toronto | Ontario | M8X 2X2 | Canada www.moneris.com 1-866-319-7450
<br>
Si vous désirez enlever votre nom de la liste d’envoi de Moneris, veuillez cliquer
<a href="https://www.moneris.com/about-moneris/contact-moneris/unsubscribe?sc_lang=fr-CA">
ici</a>. Veuillez consulter la Politique de confidentialité de Moneris <a href="http://www.moneris.com/Home/Legal/Website-Policies/Privacy-Policy.aspx?sc_lang=fr-CA ">
ici</a>. <br>
<br>
Ce courriel peut contenir des renseignements confidentiels ou privilégiés, et son expéditeur ne renonce à aucun droit ni à aucune obligation connexe. La distribution, l’utilisation ou la reproduction du présent courriel ou des renseignements qu’il contient
par une personne autre que son destinataire prévu sont interdites. Si vous avez reçu ce courriel par erreur, veuillez m’en aviser immédiatement (par retour de courriel ou autrement).
</font>
</body>
</html>