[keycloak-dev] Is it possible to combine Kerberos authentication with a User Federation Provider?

Bill Burke bburke at redhat.com
Sat Sep 12 15:23:46 EDT 2015


Yes, it's possible.  We do the same with our OpenIPA integration.

On 9/12/2015 10:30 AM, Vito Vessia wrote:
> Hi all,
> I've a legacy solution that uses its own users (including the password)
> and roles database, so due to the migration to Keycloak I've written a
> User Federation Provider. Optionally some users may use their Active
> Directory credentials to log in on the realm and my User Federation
> Provider is able to manage both cases. So I don't use the official LDAP
> User Federation Provider provided by Keycloak. I'd like to offer to
> users mapped on LDAP the Kerberos authentication. Is it possible to
> create a similar login pipeline:
> 1) The User Kerberos token is valid, so Keycloak grabs it and then
> calls my User Federation Provider passing it the username that comes
> from Kerberos;
> 2) OR, the User Kerberos token is NOT valid, so Keycloak shows the
> login page to the user and then passes the credentials to my User
> Federation Provider.
> Thank you in advance,
>
> --Vito

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

