Reputation: 201
Keycloak same username in multiple federations
I have two user federations in one realm (different active directories). Because both are completely independent, in occurs that the same username is used.
In Microsoft Applications you can use something like "ad1\ttestuser" and "ad2\ttestuser". Is there a way I can configure Keycloak to choose the user federation on login? A solution would be to add a prefix to the username in the mapper but there is no way to do it.
Upvotes: 3
Views: 3337
Answers (1)
Reputation: 51433
Is there a way I can configure Keycloak to choose the user federation on login?
You could create a different realm per user federation that you want your users to be able to explicitly authentication against. Then you configure each user federation in its own realm. Finally, you configured those realms to do identity brokering against the original realm.
The login page would look something like:
You can have a look a this answer which describes this setup in more detail.
Upvotes: 3
Related Questions
- keycloak - realm resolution based on username (email address)
- How to use two providers with same username in a realm/client in keycloak
- Keycloak multi-tenacy: One realm's authentication is used to authenticate another realm
- KeyCloak POST user with federationLink
- keycloak managed password with federated users
- use single unique client for multiple realm in keycloak
- Keycloak with custom user federation docker deployment
- Unique login for multiple clients in KeyCloak
- Sync Users between different Keycloak instances
- Assign different default user groups in Keycloak based on different LDAP user federation