Re: [keycloak-user] Two level authentication in Keycloak.
Hi,
this is available through UserFederation SPI, which is documented
http://keycloak.github.io/docs/userguide/html/user_federation.html and
there is also example for it in the examples distro (simple federation
provider implementation based on properties file)
Federation works in a way that you can have more federation providers
configured per realm. So it's not a problem to configure LDAP federation
provider (available in Keycloak by default) and your federation provider
(which you will need to implement).
But ATM each user is linked just to 1 federation provider. So if your
user is found in LDAP, his password will be verified against LDAP.
Otherwise if he is in your DB, his password will be validated against
this DB as fallback. As last fallback, if user is not linked to LDAP
neither to your DB, his password will be validated against local
Keycloak DB.
Marek
Dne 17.8.2015 v 16:25 Bhanu Kiran napsal(a):
Hi Team,
Please let me know how we can implement below requirement.
1. Two level authentication in Keycloak.
*
In first level authenticate user with Ldap and if validation
fails authenticate same user with configured DB. Does Keycloak
support this feature or how we have to implement this multi-level
authentication.
I was able to configure ldap with my keycloak server and validate
users. But I was not able to find any example how to configure
external DB to authenticate users.
Please let me hot to configure external DB.
Thanks,
Bhanu
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 4.1 KB)