[keycloak-dev] LDAP with Kerberos, login with different user
Jože Mlakar
Joze.Mlakar at ixtlan-team.si
Thu Oct 5 04:02:39 EDT 2017
We are considering implementing this feature.
The feature requires Keycloak to allow the user to logon as another user even if Kerberos works.
The user scenario is two fold:
* Have an admin hold two accounts (normal with Kerberos and elevated using username/pass) and switch between them
* Have a user logged on using Kerberos when another user visits and wants to logon as himself without logging on to the computer.
The feature would be implemented via a new query parameter (i.e. skipAuthMechanism=cookie,kerberos) that would allow the client to skip certain methods of authentication.
I would like to make sure such a PR would not be rejected as work would have been wasted.
More information about the keycloak-dev
mailing list