Keycloak / KEYCLOAK-7270

First Broker Login Link Without Authentication


    Description

      In the scenario where a domain has multiple Kerberos realms of users, it is useful to allow users who exist in both realms to authenticate with either account. When Kerberos cross-realm trusts are not an option, using identity provider brokering seems like a good alternative. However, by default Keycloak prompts users to authenticate before the link between accounts can be made. This is unnecessary in the case where an internal domain trusts that there is a one-to-one relationship with usernames and email addresses between realms.

      The following mailing list entry suggests a Jira be created for this enhancement, and I couldn't find one, so I'm creating a new Jira now:

      http://lists.jboss.org/pipermail/keycloak-user/2016-June/006653.html

      A workaround "hack" might be to have an automated cron job running with admin credentials periodically post to the JSON web endpoint of each user to create the link. This sounds problematic, though, with timing concerns and clearing of cached users.
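
      Added example (not part of the original issue and not Keycloak project code): a dry-run planner for the workaround described above that emits a link request only when the username has exactly one counterpart and the email addresses agree, since the one-to-one relationship is the only thing replacing the authentication prompt. It assumes the Keycloak Admin REST `federated-identity` endpoint and its `FederatedIdentityRepresentation` fields; the realm name, IdP alias and user records are constructed, and the path is relative to the deployment's server base URL.

```python
# Added example: plan account links offline; nothing is sent to a server.
# Realm name, IdP alias and all user records are constructed for illustration.

def plan_links(local_users, idp_users, realm, idp_alias):
    """Return (requests, skipped) for linking local users to IdP counterparts."""
    by_name = {}
    for remote in idp_users:
        by_name.setdefault(remote["username"].casefold(), []).append(remote)

    requests, skipped = [], []
    for user in local_users:
        name = user["username"]
        matches = by_name.get(name.casefold(), [])
        linked = {f["identityProvider"] for f in user.get("federatedIdentities", [])}
        if idp_alias in linked:
            skipped.append((name, "already linked"))
        elif len(matches) != 1:
            # Zero or several candidates: the one-to-one assumption does not hold.
            skipped.append((name, "no unique counterpart"))
        elif (not user.get("email")
              or user["email"].casefold() != (matches[0].get("email") or "").casefold()):
            # Same username but a different or missing email: do not link silently.
            skipped.append((name, "email mismatch"))
        else:
            remote = matches[0]
            requests.append({
                "method": "POST",
                "path": f"/admin/realms/{realm}/users/{user['id']}"
                        f"/federated-identity/{idp_alias}",
                "json": {"identityProvider": idp_alias,
                         "userId": remote["id"],
                         "userName": remote["username"]},
            })
    return requests, skipped

# Constructed sample users for two realms.
LOCAL = [
    {"id": "a-1", "username": "alice", "email": "alice@example.org"},
    {"id": "a-2", "username": "bob", "email": "bob@example.org"},
    {"id": "a-3", "username": "carol", "email": "carol@example.org",
     "federatedIdentities": [{"identityProvider": "realm-b"}]},
    {"id": "a-4", "username": "dave", "email": "dave@example.org"},
]
IDP = [
    {"id": "b-1", "username": "Alice", "email": "alice@example.org"},
    {"id": "b-2", "username": "bob", "email": "robert@example.org"},
    {"id": "b-3", "username": "carol", "email": "carol@example.org"},
]

if __name__ == "__main__":
    print(plan_links(LOCAL, IDP, "realm-a", "realm-b"))
```

      Reviewing the skipped list before any request is sent shows which accounts break the one-to-one assumption and would otherwise be linked to the wrong person.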


            People

              Unassigned Unassigned
              ryan.slominski Ryan Slominski (Inactive)