Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-2064

Support for provider fallback during authentication flow when authenticating with Kerberos

    XMLWordPrintable

Details

    Description

      In a scenario where multiple User Storage providers are configured, and you have 2 LDAP providers configured against Kerberos realm (assuming both use same keytab file). Keycloak ideally should look up after the user being authenticated in each one (following priority order) until find it.

      For example, in a scenario where we have two providers: LDAP A and LDAP B, if the user couldn't be found in the first one, Keycloak would look up in LDAP B.

      Today, if the user couldn't be found in the first one, the authentication flow stops and return an authentication error to the client.

      Attachments

        Issue Links

          links to

          Web Link KCS Link

          Web Link Keycloak GHI #9290

          Activity

            People

              Unassigned Unassigned
              rhn-support-zanini Ricardo Zanini Fernandes
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: