We have several AD forests and many domains. Devs want to use Keycloak for
authentication/authorization. We also have to deal with some users having the same userid
in more than 1 domain. We have trusts between our main/target domain and the others.
The Keycloak server is in the main domain. Users are used to logging in as domain\user but not
user@fqdn.of.domain.
What would be the best way to do that?
If Keycloak Kerberos authentication is configured, is it possible to know which
domain the authenticated user is from, to fetch more information from LDAP after that?
Can we front Keycloak with an IIS with Windows authentication and use the HTTP session
variables somehow in Keycloak, as the user is already authenticated?
Other options?