I'm not sure if I follow your question. Do you mean using two channels
to authenticate a user? Could you please elaborate more?
On 2016-06-23, Bill Burke wrote:
In this scenario, can a user be looked up out of band? Meaning, out
of
band of the authentication process?
On 6/23/16 10:00 AM, Bruno Oliveira wrote:
> Good morning,
>
> One of the use case scenarios described for FreeIPA, is the integration via PAM
> and SSSD, which "automagically" handles the authentication against the
IdM.
>
> This first step requires pretty much an IPA setup, but
> works with libpam4j[1]. Now, thinking about Keycloak, I
> would like to have an Authenticator for PAM[2], which is pretty much our
> UsernamePasswordForm + PAM. Does it make sense?
>
> Current flow:
>
> * User logs into Web application with username/password
> * PAM authenticator collects data and authenticate against PAM
> * SSSD authenticates against IdM
> * Authentication is complete
>
> After the last step, should we propagate that user to our database?
> Maybe, like Marek already mentioned, have a SSSDFederationProvider?
>
> [1] -
>
http://search.maven.org/#artifactdetails%7Corg.abstractj%7Clibpam4j%7C1.9...
> [2] -
https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-s...
>
>
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev