Re: [keycloak-dev] LDAP with Kerberos, login with different user

Understood, I have the changes for option 1 ready, however it’s usablity is very limited. As was noted by one of the developers the pressure is now on the clients to decide if and when to use the skip_auth_mechanisms. In case of keycloak.js client the client is forced to use some sort of storage (cookie) to rembember that the user logged of and have the next login use the new parameter. As said this is ready for a PR but i kind of hate it. I am on board for option 2. If I get some more devs supporting this option, we will go ahead and create a PR (separate of option 1?). Option 3 is a killer for user experience. Users would have no idea why they got a login screen.