Hi,

I would like to propose an enhancement to the selection of a federation provider (ldap with kerberos).

I tried to register two federation providers (ldap with kerberos) to support SSO for users in two different kerberos realms. The problem is that only the first (according to attribute priority) will be used to authenticate the user. Authentication of users from the other federation provider with kerberos does not work.

I think the selection of the federation provider to use could be improved in the code to solve this issue. I found the following code fragment in "org.keycloak.models.UserFederationManager.validCredentials(KeycloakSession, RealmModel, UserCredentialModel...)":

    // Find first provider, which supports required credential type
    for (UserFederationProvider fedProvider : fedProviders) {
        if (fedProvider.getSupportedCredentialTypes().contains(cred.getType())) {
            providerSupportingCreds = fedProvider;
            break;
        }
    }

In case of kerberos the federation provider could be chosen based on the kerberos realm in the ticket and the configured kerberos realm.

Can I just create an issue of type enhancement in jira?
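
Added example, not part of the original message and not Keycloak code: a sketch of the realm-aware selection proposed above, next to the first-match behaviour of the quoted fragment. The `Provider` and `Credential` records, the `select` method, the realm names and the `"kerberos"` type string are hypothetical stand-ins constructed for illustration. The realm taken from the ticket is treated only as a routing hint, and the chosen provider must still validate the ticket against its own keytab.

```java
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class RealmAwareProviderSelection {

    // Hypothetical stand-in for a configured federation provider (not Keycloak's UserFederationProvider).
    record Provider(String name, int priority, String kerberosRealm, Set<String> credentialTypes) {}

    // Hypothetical stand-in for the credential; ticketRealm is null for non-Kerberos credentials.
    record Credential(String type, String ticketRealm) {}

    static Optional<Provider> select(List<Provider> providers, Credential cred) {
        return providers.stream()
                .sorted(Comparator.comparingInt(Provider::priority))
                // Same check as the quoted fragment: the provider must support the credential type.
                .filter(p -> p.credentialTypes().contains(cred.type()))
                // Extra check for Kerberos: the configured realm must equal the realm in the ticket.
                // Kerberos realm names are case sensitive, so compare with equals().
                .filter(p -> !"kerberos".equals(cred.type())
                        || (p.kerberosRealm() != null && p.kerberosRealm().equals(cred.ticketRealm())))
                // Empty result: no provider is configured for that realm. The caller should
                // reject the credential rather than fall back to another realm's provider.
                .findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample configuration: two providers, one per Kerberos realm.
        List<Provider> providers = List.of(
                new Provider("ldap-a", 0, "A.EXAMPLE.ORG", Set.of("password", "kerberos")),
                new Provider("ldap-b", 1, "B.EXAMPLE.ORG", Set.of("password", "kerberos")));

        // Ticket for the second realm: routed to ldap-b instead of the first provider by priority.
        System.out.println(select(providers, new Credential("kerberos", "B.EXAMPLE.ORG")).map(Provider::name));
        // Ticket for a realm nobody is configured for: no provider is selected.
        System.out.println(select(providers, new Credential("kerberos", "C.EXAMPLE.ORG")).map(Provider::name));
        // Non-Kerberos credential: first supporting provider by priority, as in the quoted fragment.
        System.out.println(select(providers, new Credential("password", null)).map(Provider::name));
    }
}
```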