Hi,

this is available through UserFederation SPI, which is documented http://keycloak.github.io/docs/userguide/html/user_federation.html and there is also example for it in the examples distro (simple federation provider implementation based on properties file)

Federation works in a way that you can have more federation providers configured per realm. So it's not a problem to configure LDAP federation provider (available in Keycloak by default) and your federation provider (which you will need to implement).

But ATM each user is linked just to 1 federation provider. So if your user is found in LDAP, his password will be verified against LDAP. Otherwise if he is in your DB, his password will be validated against this DB as fallback. As last fallback, if user is not linked to LDAP neither to your DB, his password will be validated against local Keycloak DB.

Marek

Dne 17.8.2015 v 16:25 Bhanu Kiran napsal(a):

Hi Team,

Please let me know how we can implement below requirement.

1. Two level authentication in Keycloak.

In first level authenticate user with Ldap and if validation fails authenticate same user with configured DB. Does Keycloak support this feature or how we have to implement this multi-level authentication.

I was able to configure ldap with my keycloak server and validate users. But I was not able to find any example how to configure external DB to authenticate users.

Please let me hot to configure external DB.

Thanks,

Bhanu
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user