Thanks Marek, I am using 3.4.3, but the two Kerberos realms are not configured in a cross realm trust (I want the web apps in one specific Keycloak realm to trust either realm, but that trust shouldn't be universal and System Admins don't want to trust other realms for Workstation logins and cross realm trust would require new authorization considerations as it changes what "anyone with an account" means). Is cross realm trusts the only way to do what I'm after? Ryan ----- Original Message ----- From: "Marek Posolda" <mposolda(a)redhat.com&gt; To: "Ryan Slominski" <ryans(a)jlab.org&gt;, "keycloak-user" <keycloak-user(a)lists.jboss.org&gt; Sent: Friday, February 9, 2018 9:04:56 AM Subject: Re: [keycloak-user] Multiple User Storage Providers Hi, which Keycloak version are you using? In 3.4.3, we added support for the scenario when the kerberos realms are in trust with each other (hence you need just 1 LDAP/Kerberos UserStorageProvider and 1 keytab). Could you try with 3.4.3 and see if it helps? Otherwise please create JIRA with the steps to reproduce and ideally with server.log (with DEBUG option enabled on LDAP storage providers and with DEBUG logging described in "Troubleshooting" section of our Kerberos documentation). Thanks, Marek Dne 9.2.2018 v 14:51 Ryan Slominski napsal(a):