Re: [keycloak-dev] Kerberos, login with different user
On 5 October 2015 at 15:10, Bill Burke <bburke(a)redhat.com> wrote:
On 10/5/2015 3:39 AM, Stian Thorgersen wrote:
> I don't think the account chooser is a good option. As you say users
> that login with Kerberos (and have enabled Kerberos for the Keycloak
> domain) will in 99% cases want to login with Kerberos.
>
>
Is logging out of Kerberos a big deal? I have no idea. Never in my
career have I had to log in via kerberos.
No, but I thought that was what you where arguing against?
End of the day I don't really like any of these options, and so far
> Michael is the only person asking for something like this. With that in
> mind I think it's better that Michael would develop something custom on
> top of the authenticator spi, rather than us adding this to Keycloak.
>
>
I agree, but an account chooser would be a nice feature to add the way I
described it. We got a lot of other stuff to do though that has higher
priority.
Maybe I don't understand the account chooser, but it's seems like it's just
a way to select if you want to use Kerberos or regular login? What we need
is the ability to log in additional accounts and be able to switch between
them. That also requires applications to be able to retrieve tokens for the
different logged in accounts.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
Attachments:
- attachment.html (text/html — 2.4 KB)