[keycloak-dev] [keycloak-user] Get a GSSCredential when user browser is not in Active Directory domain
Alexis Almeida
alexis.almeida at gmail.com
Sat Feb 9 15:17:02 EST 2019
> I originally asked this on the user list but I'm making a change to
Federation.
> I had asked on the dev list earlier about this on the dev as I started to
see how this would work
> I got the Kerberos Ticket and serialized it to a Base 64 string. it
deserializes to a GSSCredential
> Now I have to put the Base 64 token into the access token
> Any guidance?
------------------
Hi Chris,
I hope this help you some way.
In a similar situation I created a service provider endpoint that get
Access Token as input and, after validation, generate a new bearer token
with custom claims. In that claim I put additional parameters.
This generated bearer token isn't associated to user session so I put into
this new token a new claim with the jti of the original Access Token.
More information about the keycloak-dev
mailing list