[keycloak-user] kc_idp_hint for Kerberos

Glenn Campbell campbellg at teds.com
Tue Mar 14 08:52:31 EDT 2017


Is there some mechanism similar to kc_idp_hint=login that will let me skip
authentication via Kerberos ticket and let me log in via the Keycloak login
page?

My situation is that I have admin user accounts in my application but users
don't log in to Windows with these accounts. So UserA logs in to Windows
with his UserA account but sometimes needs to log in to my application as
AdminX.

I see that I can use impersonation from the Keycloak admin console to
impersonate AdminX and then open a browser tab and go to my application and
I'll be logged in to my application as AdminX. But this strategy is a
little inconvenient for users to use on a daily basis. Not horrible by any
means but I'm sure I'll get some complaints. More importantly these users
are admins in my application but they are not Keycloak admins and I'd
rather not have them mucking around in the Keycloak admin console.


More information about the keycloak-user mailing list