That is a good point. We could accept the user name password in the binding params or pehaps just a token (to avoid needing the password) if not provided we use the default user we created with a tool tip saying "to create a binding to another realm, you will need to use a user that has access to that realm"
I think if we don't do this it present a security problem for operators. Where they have provisioned a keycloak but now have to give away the keys to the kingdom in order to allow it to be shared |
|
