RH-SSO / RHSSO-1196

[GSS] Support for multiple kerberos realms (cross domain trust)


Details

    • Enhancement
    • Resolution: Done
    • Major
    • RH-SSO-7.2.0.CR1
    • None
    • Server
    • None

    Description

      The org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator#getAuthenticatedUsername() has unnecessary code to check a realm name.
      A SPNEGO authenticator that is configured against realm A can verify a token of a user in realm B if realms A and B have mutual trust. The code breaks the cross-domain trust feature of Kerberos.
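
The difference between a realm-equality check and a trust-aware check, as an added example that is not Keycloak's code and not part of the original issue. The class, the method names, the realm names and the explicit trusted-realm set are assumptions made for illustration, as is the choice to keep the realm in the returned name for users from a trusted foreign realm.

```java
import java.util.Optional;
import java.util.Set;

// Added illustration; class and method names are hypothetical, not Keycloak's.
public class RealmCheckDemo {

    // Split "user@REALM" at the last '@'. Realm names are compared case-sensitively.
    static String[] split(String principal) {
        int at = principal.lastIndexOf('@');
        if (at <= 0 || at == principal.length() - 1) {
            throw new IllegalArgumentException("not a user@REALM principal: " + principal);
        }
        return new String[] { principal.substring(0, at), principal.substring(at + 1) };
    }

    // Realm-equality check of the kind the issue describes (assumed behaviour):
    // a principal outside the configured realm is rejected, even though the
    // token itself verified through the cross-realm trust.
    static Optional<String> strictUsername(String principal, String configuredRealm) {
        String[] p = split(principal);
        return p[1].equals(configuredRealm) ? Optional.of(p[0]) : Optional.empty();
    }

    // Assumed alternative: accept an explicit set of trusted realms and keep the
    // realm in the name for foreign users, so jdoe@A and jdoe@B stay distinct.
    static Optional<String> trustAwareUsername(String principal, String configuredRealm,
                                               Set<String> trustedRealms) {
        String[] p = split(principal);
        if (p[1].equals(configuredRealm)) {
            return Optional.of(p[0]);
        }
        if (trustedRealms.contains(p[1])) {
            return Optional.of(p[0] + "@" + p[1]);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        String home = "A.EXAMPLE.COM";                  // constructed realm names
        Set<String> trusted = Set.of("B.EXAMPLE.COM");
        for (String principal : new String[] {
                "jdoe@A.EXAMPLE.COM", "jdoe@B.EXAMPLE.COM", "jdoe@C.EXAMPLE.COM" }) {
            System.out.printf("%-20s strict=%s trustAware=%s%n", principal,
                    strictUsername(principal, home),
                    trustAwareUsername(principal, home, trusted));
        }
    }
}
```

If the realm comparison is dropped and only the local part is returned, users with the same name in two trusted realms map to one account, which is why the sketch keeps the realm for foreign principals.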

          People

            mtrue-1 Mark True (Inactive)
            rhn-support-cdolphy Chris Dolphy