Hi Wim,
One solution that worked for us in the past as a POC was to create the following
items:
* A user storage provider extending the internal LDAP user storage provider to add a prefix
to the username upon synchronization. It's not pretty, but it works.
* An authenticator that generates a list of providers upon login. The user then
needs to fill in the username and password and select the provider. The authenticator
prepends the prefix to the username based on the provider selected on the login page and
then attempts to authenticate the user.
We had no trouble synchronizing users and authentication went smoothly, BUT the use of
internal Keycloak APIs may wreck your custom modules. So I'd recommend sticking to two
realms. If it's possible, I'd merge the two LDAPs.
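The authenticator described above, as an added sketch against Keycloak's Authenticator SPI (not the poster's code): it offers the realm's user-storage components as the dropdown, prepends the selected provider's name to the submitted username, and validates the password, rejecting any provider value that the realm does not actually have. Assumptions: the prefix convention is `<provider name>_<username>`, a custom theme supplies a template named login-provider.ftl with username, password and provider fields, and getUserByUsername takes (username, realm) as in the 2.x/3.x API (later releases reversed the order).

```java
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.UserStorageProvider;

public class ProviderSelectAuthenticator implements Authenticator {
    // The realm's user-storage components (the configured LDAPs) are the dropdown entries.
    static List<ComponentModel> storageProviders(RealmModel realm) {
        return realm.getComponents(realm.getId(), UserStorageProvider.class.getName());
    }
    // Assumed prefix convention shared with the prefixing storage provider: "<name>_<username>".
    static String prefixedUsername(String providerName, String username) {
        return providerName + "_" + username;
    }
    @Override public void authenticate(AuthenticationFlowContext context) {
        // "login-provider.ftl" is a hypothetical template a custom theme must provide.
        context.challenge(context.form()
            .setAttribute("providers", storageProviders(context.getRealm()))
            .createForm("login-provider.ftl"));
    }
    @Override public void action(AuthenticationFlowContext context) {
        RealmModel realm = context.getRealm();
        MultivaluedMap<String, String> form = context.getHttpRequest().getDecodedFormParameters();
        String selected = form.getFirst("provider");
        // The dropdown value is client input: accept only a provider the realm actually has.
        boolean known = storageProviders(realm).stream().anyMatch(c -> c.getName().equals(selected));
        UserModel user = null;
        if (known) user = context.getSession().users()
            .getUserByUsername(prefixedUsername(selected, form.getFirst("username")), realm);
        boolean valid = user != null && context.getSession().userCredentialManager()
            .isValid(realm, user, UserCredentialModel.password(form.getFirst("password")));
        if (!valid) {  // one generic error for bad provider, unknown user or wrong password
            context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
                context.form().setError("invalidUserMessage").createForm("login-provider.ftl"));
            return;
        }
        context.setUser(user);
        context.success();
    }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) {}
    @Override public void close() {}
}
```

It is registered through an AuthenticatorFactory and bound in the browser flow in place of the stock username/password form; as the reply notes, these internal APIs shift between releases, so recheck the signatures against the Keycloak version in use.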
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-
bounces(a)lists.jboss.org] On Behalf Of Wim Vandenhaute
Sent: Thursday, 31 August 2017 16:35
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] 1 realm multiple ldap providers with username
collisions
Hello list,
What would be the advisable way of handling the following use case:
1 application authn using Keycloak with a realm with > 1 LDAP configurations,
but in 2 or more of those LDAPs there are equal usernames.
How can we make sure that ldap1 is used for user1 and ldap2 for user2?
I.e. for example where we could provide a login form with the
username/password but with an additional dropdown that has the
configured LDAP providers in it.
What would be the advisable way of handling such a situation?
Is there any support for this that I am missing?
Would having 2 realms be the only way to handle this right now?
p.s.
We are developing against keycloak 2.5.5 at the moment
Kind regards,
Wim.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user