Hello,
My name is Erwin, and I’ve got a question regarding the Kerberos authorization.
We want to use Keycloak for a project where we need to let people log in through Kerberos.
The user federation providers are only sortable by priority but we’ll probably get 20 or more providers for this application.
Now we want to filter based on the realm the user is in. I’ve tried a few things and I saw it was possible to decrypt the Kerberos token with base64.
After that it was possible to add something like the following on line 430 of file

    String decodedToken = new String(Base64.decode(spnegoToken));
    if(!decodedToken.contains(kerberosConfig.getKerberosRealm()))
    {
        return CredentialValidationOutput.failed();
    }

This way the token won’t be validated against the Kerberos server that isn’t configured for the specific realm.
I’m not too familiar with the whole Kerberos token, so I don’t know if this will work in all situations.
Can someone tell me if this is the “correct” way of doing this, or is there some other way I haven’t seen yet?
Thanks in advance,

Erwin Oldenkamp
+31(0)88 77 88 990
Koggelaan 3-A 8017 JH Zwolle
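
An added example, not part of the original message and not Keycloak code: the realm check from the question done by reading the ticket's realm field from the DER bytes and comparing it exactly, so that a configured realm that is only a substring of the ticket's realm, or that appears elsewhere in the token, does not match. The class and method names are hypothetical and it uses `java.util.Base64`. It assumes the RFC 4120 ticket layout, in which this field is the realm of the ticket and service; the client's realm is only inside the encrypted part.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class TicketRealm {  // hypothetical class, not part of Keycloak
    // Start of a Ticket body (RFC 4120): tkt-vno [0] INTEGER 5, then the [1] realm tag.
    private static final byte[] PREFIX = {(byte) 0xA0, 3, 2, 1, 5, (byte) 0xA1};
    // Reads a DER length at pos[0] and advances it; -1 if malformed or longer than 2 bytes.
    private static int derLength(byte[] b, int[] pos) {
        if (pos[0] >= b.length) return -1;
        int first = b[pos[0]++] & 0xFF;
        if (first < 0x80) return first;
        int n = first & 0x7F;
        if (n == 0 || n > 2 || pos[0] + n > b.length) return -1;
        int len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (b[pos[0]++] & 0xFF);
        return len;
    }

    // Cleartext realm field of the first ticket in the token, or null (e.g. NTLM or garbage).
    static String ticketRealm(byte[] t) {
        for (int i = 0; i + PREFIX.length < t.length; i++) {
            if (!Arrays.equals(t, i, i + PREFIX.length, PREFIX, 0, PREFIX.length)) continue;
            int[] pos = {i + PREFIX.length};
            // The AP-REQ header (pvno 5, msg-type) shares this prefix; the 0x1B tag check skips it.
            if (derLength(t, pos) < 0 || pos[0] >= t.length || t[pos[0]++] != 0x1B) continue;
            int len = derLength(t, pos);
            if (len < 0 || pos[0] + len > t.length) continue;
            return new String(t, pos[0], len, StandardCharsets.US_ASCII);
        }
        return null;
    }

    // Exact comparison: "EXAMPLE.COM" must not match a ticket for "B.EXAMPLE.COM".
    static boolean realmMatches(String spnegoTokenB64, String configuredRealm) {
        String realm = ticketRealm(Base64.getDecoder().decode(spnegoTokenB64));
        return realm != null && realm.equals(configuredRealm);
    }

    public static void main(String[] args) {
        // Constructed bytes (not a captured token): AP-REQ header, then a ticket for B.EXAMPLE.COM.
        byte[] sample = {(byte) 0xA0, 3, 2, 1, 5, (byte) 0xA1, 3, 2, 1, 14,
            (byte) 0xA0, 3, 2, 1, 5, (byte) 0xA1, 15, 0x1B, 13,
            'B', '.', 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M'};
        String b64 = Base64.getEncoder().encodeToString(sample);
        System.out.println("EXAMPLE.COM   -> " + realmMatches(b64, "EXAMPLE.COM"));
        System.out.println("B.EXAMPLE.COM -> " + realmMatches(b64, "B.EXAMPLE.COM"));
    }
}
```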