This prompt is displayed when you display keycloak login screen in
the
browser?
Yes (on Windows anyway, not on a Mac). You can cancel it and log as as you
would normally with the Keycloak form.
Can you doublecheck that your user federation has "Allow
kerberos login"
switched to off and there is no "Kerberos" credential
in required realm
credentials?
This is a screenshot of the config.
I did play around with kerberos authentication, but it is definitely turned
off now.
On Thu, Jun 4, 2015 at 6:42 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
> On 4.6.2015 01:33, Matthew Casperson wrote:
>
> We authenticate against a Windows domain using LDAP (and not using
> Kerberos).
>
> In KeyCloak 1.2.0, this prompt now appears when users are asked to log
> in. The problem is that this prompt automatically appends the domain to the
> username, and I can't see any LDAP property that accepts the domain name.
>
> We use the sAMAccountName property, which does not include the domain,
> and looking at
>
https://msdn.microsoft.com/en-us/library/windows/desktop/ms677605(v=vs.85...
> I don't see any other property that will work with this prompt.
>
> We might be able to use userPrincipalName, but none of our users have
> any experience logging in with an email address, and I'd like to avoid the
> training overhead of this if possible.
>
> So my questions are:
> 1. Can I disable this prompt and use the standard keycloak form based
> login?
>
This prompt is displayed when you display keycloak login screen in
the
> browser? Can you doublecheck that your user federation has "Allow
kerberos
> login" switched to off and there is no "Kerberos" credential in
required
> realm credentials?
>
> Marek
>
> 2. Is there an LDAP field that I can define in the keycloak LDAP
> federation config that will accept a domain as part of the username?
>
>
>
>
> --
> *Matthew Casperson*
> *Senior Front End Developer*
> Technology, Space & Distribution
> Auto & General Holdings Pty Ltd
> P: 07) 3377 8751 (Direct: 3377 8751)
> F: 07) 3377 8833
>
>
>
> This email is sent by Auto & General Insurance Company Ltd, Auto & General
Services Pty Ltd, Auto & General Holdings Pty Ltd or a related body corporate (Auto
& General) and is for the intended addressee.
> The views expressed in this email and attachments (email) reflect the views of the
stated author but may not reflect views of Auto & General. This email is confidential
and subject to copyright.
> It may be privileged. If you are not the intended addressee, confidentiality and
privilege have not been waived and any use, interference with, or disclosure of this email
is unauthorised.
> If you are not the intended addressee please immediately notify the sender and then
delete the email. Auto & General does not warrant that this email is error or virus
free.
>
>
>
> _______________________________________________
> keycloak-dev mailing
listkeycloak-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
--
*Matthew Casperson*
*Senior Front End Developer*
Technology, Space & Distribution
Auto & General Holdings Pty Ltd
P: 07) 3377 8751 (Direct: 3377 8751)
F: 07) 3377 8833
--
This email is sent by Auto & General Insurance Company Ltd, Auto & General
Services Pty Ltd, Auto & General Holdings Pty Ltd or a related body corporate (Auto
& General) and is for the intended addressee.
The views expressed in this email and attachments (email) reflect the views of the stated
author but may not reflect views of Auto & General. This email is confidential and
subject to copyright.
It may be privileged. If you are not the intended addressee, confidentiality and privilege
have not been waived and any use, interference with, or disclosure of this email is
unauthorised.
If you are not the intended addressee please immediately notify the sender and then delete
the email. Auto & General does not warrant that this email is error or virus free.