Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-2458

Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation

    XMLWordPrintable

Details

    • False
    • None
    • False
    • 0
    • 0% 0%

    Description

      GH issue: https://github.com/keycloak/keycloak/issues/20045

      There are 2 Active Directory domains (EXAMPLE1.COM and EXAMPLE2.COM) which have mutual trust.
      Configuring User Federation of kerberos against one of them (EXAMPLE1.COM), RH-SSO/Keycloak can authenticate user1@EXAMPLE2.COM against the domains.
      However, the "KERBEROS_PRINCIPAL" attribute in UserModel is "user1@EXAMPLE1.COM". It should be "user1@EXAMPLE2.COM".

      Attachments

        Activity

          People

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: