[keycloak-user] Realm resolver
stian at redhat.com
Thu Jun 25 10:22:52 EDT 2015
An alternative would be to use identity brokering. You'd have a main realm that had identity brokers for the other realms.
We plan to add an option where the user only has to enter username first. Then you can auto-redirect to a identity broker based on email domain.
----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Bellan Saravanan" <sarbx at hotmail.com>, keycloak-user at lists.jboss.org
> Sent: Thursday, 25 June, 2015 9:24:17 AM
> Subject: Re: [keycloak-user] Realm resolver
> There might be possibility to address this with Servlet filter, which will
> redirect you to the page where you can ask for the email. Only thing is,
> that servlet filters are triggered later than the authentication code on
> adapter side, so the filter itself would likely need to be mapped to
> unsecured URI.
> Other possibility is that we will improve the KeycloakConfigResolver, so it
> has access to the response (not just request like it's now) and have
> possibility to redirect response. But in that case, we need to do some
> refactoring on the adapter side, so all the code to resolve
> KeycloakDeployment will need to check if response is redirected and finish
> the request processing in that case. Not sure if it's the way to go TBH...
> But you can create JIRA and we can try to take a look (or you can try to
> propose PR)
> On 24.6.2015 20:34, Bellan Saravanan wrote:
> We're using KeycloakConfigResolver to resolve the realm based on the request
> URI. But if we are unable to resolve to a specific realm we want forward the
> user to a page where she can enter the email address from which we can
> figure out the user's realm.
> Since KeycloakConfigResolver cannot be used to redirect the request, any
> suggestions are how to forward to the page to manual resolution? We are
> using the Keycloak wildfly adapter.
> keycloak-user mailing list keycloak-user at lists.jboss.org
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user