[keycloak-dev] Kerberos progress
Bill Burke
bburke at redhat.com
Thu Feb 12 09:01:20 EST 2015
On 2/12/2015 8:53 AM, Pedro Igor Silva wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Marek Posolda" <mposolda at redhat.com>, keycloak-dev at lists.jboss.org
>> Sent: Thursday, February 12, 2015 11:49:05 AM
>> Subject: Re: [keycloak-dev] Kerberos progress
>>
>> I'm just trying to figure out where does the Broker SPI end and the User
>> Federation SPI begin? And wondering if our SPIs can be unified,
>> simplified, or refactored. For example, how would client-cert auth be
>> implemented? Like Kerberos, its a credential that is checked prior to
>> displaying a login screen.
>>
>> Another thing, does the broker SPI allow you to still require extra
>> credentials supplied by Keycloak instead of the brokered IDP?
>
> What is the use case ?
>
You have an IDP that only handles username/password and you want to add
client-cert/otp for additional protection. For example a login to
facebook.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list