Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Keycloak - let user choose another user based on matching attribute

71 views
Skip to first unread message

Nicola Beghin

unread,
Nov 22, 2024, 2:21:17 PM11/22/24
to Keycloak User

I'm trying to understand if Keycloak could be useful in this scenario.

  1. user enters correct credentials
  2. based on a given user attribute (ie. attributeX=xyz), Keycloak checks if any other user matches attributeX=xyz: ie. user1user2 and user3
  3. user is given possibility to proceed with login with one of the matched users user1user2 and user3

thanks a lot

nicola


(cross-post from SO question https://stackoverflow.com/q/79216331/2378095)

Björn Pedersen

unread,
Nov 25, 2024, 2:54:57 AM11/25/24
to Keycloak User
Nicola Beghin schrieb am Freitag, 22. November 2024 um 20:21:17 UTC+1:

I'm trying to understand if Keycloak could be useful in this scenario.

  1. user enters correct credentials
  2. based on a given user attribute (ie. attributeX=xyz), Keycloak checks if any other user matches attributeX=xyz: ie. user1user2 and user3
  3. user is given possibility to proceed with login with one of the matched users user1user2 and user3

thanks a lot

nicola



I don't think this is possible out of the box, as this is a restricted impersonate. The impersonate rights are currently always realm-scoped. One could maybe 
emulate this behaviour with a backend service that can impersonate and does your checking and  then uses token exchange to mint new tokens, but that would be 
rather demanding in get it correct security-wise.
Reply all
Reply to author
Forward
0 new messages