[keycloak-dev] Filter user federation provider on Realms

Erwin Oldenkamp Erwin.Oldenkamp at topicus.nl
Tue Apr 12 03:26:36 EDT 2016


Hello,

My name is Erwin, and I've got a question regarding the Kerberos authorization.

We want to use Keycloak for a project where we need to let people log in through Kerberos.
The user federation providers are only sortable by priority, but we'll probably get 20 or more providers for this application.
Now we want to filter based on the realm the user is in. I've tried a few things and I saw it was possible to decrypt the Kerberos token with base64.
After that it was possible to add something like the following on line 430 of file:

    String decodedToken = new String(Base64.decode(spnegoToken));
    if (!decodedToken.contains(kerberosConfig.getKerberosRealm())) {
        return CredentialValidationOutput.failed();
    }

This way the token won't be validated against the Kerberos server that isn't configured for the specific realm.
I'm not too familiar with the whole Kerberos token, so I don't know if this will work in all situations.
Can someone tell me if this is the "correct" way of doing this, or is there some other way I haven't seen yet?

Thanks in advance,



Erwin Oldenkamp
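
An added example, not part of the original message and not Keycloak code: instead of a substring search over the decoded bytes, it walks the DER structure of the SPNEGO token to the service ticket and compares the ticket's cleartext realm field exactly. The class and method names are hypothetical and the token in main is constructed; the realm read this way is unauthenticated, so it can only select which provider attempts validation, never replace that validation.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Added example, not Keycloak code; class and method names are hypothetical.
public class SpnegoRealmFilter {
    // Realm from the cleartext part of the service ticket, or empty if the token does not parse.
    static Optional<String> ticketRealm(String base64Token) {
        try {
            byte[] der = Base64.getDecoder().decode(base64Token);
            int[] ticket = find(der, 0, der.length, 0x61);        // Ticket ::= [APPLICATION 1]
            int[] field = find(der, ticket[0], ticket[1], 0xa1);  // realm [1]
            int[] str = find(der, field[0], field[1], 0x1b);      // GeneralString
            return Optional.of(new String(der, str[0], str[1] - str[0], StandardCharsets.US_ASCII));
        } catch (RuntimeException e) { // bad base64, truncated DER, NTLM token, element missing
            return Optional.empty();
        }
    }
    // Exact match: contains("EXAMPLE.COM") would also accept a ticket for CORP.EXAMPLE.COM.
    static boolean isForRealm(String base64Token, String configuredRealm) {
        return ticketRealm(base64Token).map(configuredRealm::equals).orElse(false);
    }

    // Depth-first search of the DER elements in b[pos, end) for the first one with tag `want`;
    // returns {contentStart, contentEnd} or null. The Kerberos token id (01 00) reads as an empty element.
    private static int[] find(byte[] b, int pos, int end, int want) {
        while (pos < end) {
            int tag = b[pos++] & 0xff, len = b[pos++] & 0xff;
            if (len > 0x7f) {                        // long-form length
                int n = len & 0x7f;
                if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
                for (len = 0; n > 0; n--) len = (len << 8) | (b[pos++] & 0xff);
            }
            if (len > end - pos) throw new IllegalArgumentException("truncated element");
            if (tag == want) return new int[] {pos, pos + len};
            if ((tag & 0x20) != 0 || tag == 0x04) {  // constructed, or OCTET STRING (mechToken)
                int[] hit = find(b, pos, pos + len, want);
                if (hit != null) return hit;
            }
            pos += len;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: Kerberos GSS header + AP-REQ with a truncated ticket for CORP.EXAMPLE.COM.
        String token = "YEMGCSqGSIb3EgECAgEAbjQwMqADAgEFoQMCAQ6iBwMFAAAAAACjHWEbMBmgAwIBBaESGxBDT1JQLkVYQU1QTEUuQ09N";
        System.out.println(ticketRealm(token) + " " + isForRealm(token, "EXAMPLE.COM"));
    }
}
```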
