[keycloak-user] direct access grant + kerberos

Dmitry Telegin demetrio at carretti.pro
Fri May 24 12:01:24 EDT 2019


Hello Kevin,

You could try cloning the default direct grant flow, adding Kerberos authenticator to it and removing everything else. This authenticator was initially developed for browser-based flows, so it might or might not work with direct grants. You'll need to figure that out - it could be that the authenticator might need to be adapted.

If you need to keep username+password authentication too, you should put the relevant authenticators into a subflow and make it alternative, the same way it is done in the default browser flow.

Good luck,
Dmitry Telegin

Carretti Consulting OÜ | Keycloak Consulting and Training
Sepapaja 6, Tallinn 15551, Estonia | info at carretti.pro

On Tue, 2019-05-21 at 17:48 +0000, Fox, Kevin M wrote:
> Is there a way to get back an id token by doing a direct access grant with kerberos negotiate instead of a password?
> 
> Thanks,
> Kevin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list