Yes, it's possible. We do the same with our OpenIPA integration.
On 9/12/2015 10:30 AM, Vito Vessia wrote:
Hi all,
I have a legacy solution that uses its own users (including the password)
and roles database, so due to the migration to Keycloak I've written a
User Federation Provider. Optionally, some users may use their Active
Directory credentials to log in to the realm, and my User Federation
Provider is able to manage both cases. So I don't use the official LDAP
User Federation Provider provided by Keycloak. I'd like to offer
Kerberos authentication to users mapped on LDAP. Is it possible to
create a similar login pipeline:
1) The user's Kerberos token is valid, so Keycloak grabs it and then
calls my User Federation Provider, passing it the username that comes
from Kerberos;
2) OR, the user's Kerberos token is NOT valid, so Keycloak shows the
login page to the user and then passes the credentials to my User
Federation Provider.
Thank you in advance,
--Vito
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com