You would need to create a custom authenticator that is like an account
chooser page, i.e. two buttons: one says "login to kerberos", the other
says "login to ldap".

A custom flow would look like this:

* Cookie Authenticator
* create an ALTERNATIVE sub flow
  * REQUIRED Account Chooser Custom authenticator page - if the
    kerberos button is clicked, call AuthFlowContext.success(), otherwise
    AuthFlowContext.attempted(). Attempted will abort this alternative flow
  * REQUIRED Built in Kerberos Authenticator
* create another ALTERNATIVE sub flow
  * REQUIRED built in username/password authenticator
On 8/17/16 4:05 PM, Zhou, Limin (Ray) wrote:

Hello

Right now our Keycloak server was set up to do Kerberos authentication
with LDAP as backup, so in this case the user will get in automatically
from the company domain when they hit the URL. We have application role
definitions in Keycloak; if the user does not have the role configured,
then we want to log them out back to the default Keycloak login page
and let them try their LDAP user account.

But because Kerberos authentication is always on top, right after we
log out the user, Kerberos will let them in automatically. Right now we
are using keycloak.logout from keycloak.js to log out the user.

I am wondering what is the good practice to achieve this?

Any suggestions are welcome

thanks
raymond
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
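
The account chooser step described in the reply at the top of this thread, as an added sketch that is not code from the thread or from the Keycloak project. The class name, the `account-chooser.ftl` template and the `method` form field are assumptions; the reply's `AuthFlowContext` is written here with the SPI's interface name, `AuthenticationFlowContext`.

```java
// Added sketch, not code from the thread or from the Keycloak project.
// Assumed names: AccountChooserAuthenticator, account-chooser.ftl, form field "method".
// javax.ws.rs matches older Keycloak releases; newer releases use jakarta.ws.rs.
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class AccountChooserAuthenticator implements Authenticator {
    static final String FIELD = "method";      // assumed field posted by the two buttons
    static final String KERBEROS = "kerberos"; // assumed value of the "login to kerberos" button

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        // Show the chooser page first, so Kerberos is only tried when the user asks for it.
        Response page = context.form().createForm("account-chooser.ftl");
        context.challenge(page);
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        MultivaluedMap<String, String> form = context.getHttpRequest().getDecodedFormParameters();
        if (KERBEROS.equals(form.getFirst(FIELD))) {
            // Move on to the REQUIRED Kerberos authenticator in this sub flow.
            context.success();
        } else {
            // Any other value, including a missing or tampered one, takes the
            // non-SSO path: leave this alternative for the username/password sub flow.
            context.attempted();
        }
    }

    @Override
    public boolean requiresUser() { return false; } // runs before any user is identified

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }

    @Override
    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { }

    @Override
    public void close() { }
}
```

Registering the class also needs an `AuthenticatorFactory` and the form template, both left out here. How the flow engine treats `attempted()` on a REQUIRED execution should be checked on the Keycloak version in use.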