I have had a JIRA open for a long time to support Kerberos for Direct
grants (Resource Owner Password Credentials) too.
I think that it will need some helper code on the client side to generate
the value for the "Authorization: Negotiate" HTTP header, which will need to
be sent to Keycloak (the browser normally does this in browser-based
flows). Then a separate Authenticator on the server side to handle the ticket.
Note that we have the Authentication SPI and you can set/reconfigure the
authenticator for Direct Grant. So in theory nothing prevents you from
implementing this on your own already (and possibly contributing to Keycloak :)
Marek
On 08/09/17 17:47, felix.straub(a)kaufland.com wrote:
Hello all,
my question is whether there is a possibility to use the Kerberos config from
Keycloak while using the ROPC flow.
Because in this flow you just send the credentials to Keycloak, and Keycloak
validates them or authenticates them against an LDAP federation.
So here Keycloak can't use Kerberos when the client is already sending his
credentials, right?
Thank you for your answers.
Felix
Kind regards
Felix Straub
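
Added example, not part of the original thread and not Keycloak code: the wire format of the "Authorization: Negotiate" value discussed in the reply above, with a client-side wrapper and the framing checks a server-side authenticator could run before handing the token to its GSS-API library. The function names, the size limit and the sample token are assumptions made for illustration; obtaining a real token needs a Kerberos library and a KDC, which is out of scope here.

```python
import base64
import binascii
# DER-encoded mechanism OIDs that open a GSS-API initial context token (RFC 2743)
MECHS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",            # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "Kerberos 5",  # 1.2.840.113554.1.2.2
}
MAX_TOKEN = 64 * 1024  # assumed upper bound, tune to your header size limits
# Constructed sample: SPNEGO framing around filler bytes, not a real ticket
SAMPLE = bytes.fromhex("600c06062b0601050502") + b"\x00" * 4

def build_negotiate_header(gss_token: bytes) -> str:
    """Client side: wrap the token returned by the GSS-API library."""
    return "Negotiate " + base64.b64encode(gss_token).decode("ascii")

def _der_length(buf: bytes, pos: int):
    """Return (length, next_pos) for the DER length field at pos."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def inspect_negotiate_header(value: str):
    """Server side: return (mechanism, token) or raise ValueError."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        raise ValueError("not a Negotiate header")
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("token is not valid base64") from exc
    if len(token) > MAX_TOKEN:
        raise ValueError("token too large")
    if token.startswith(b"NTLMSSP\x00"):
        # Negotiate can also carry NTLM; that is not a Kerberos ticket
        raise ValueError("NTLM token, not Kerberos")
    if len(token) < 4 or token[0] != 0x60:
        raise ValueError("not a GSS-API initial context token")
    length, pos = _der_length(token, 1)
    if length != len(token) - pos or length < 2 or token[pos] != 0x06:
        raise ValueError("malformed GSS-API token")
    oid_len, pos = _der_length(token, pos + 1)
    mech = MECHS.get(token[pos:pos + oid_len])
    if mech is None:
        raise ValueError("unsupported mechanism")
    return mech, token
```

These checks only validate framing; the ticket itself still has to be accepted by the server's GSS-API context against its keytab.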