This repository has been archived by the owner on Jun 23, 2021. It is now read-only.
Good day,
Not an issue, but more a question on features; I have not found this in the documentation.
All is working well with 1 realm defined in the config.xml file, but is there a possibility to add multiple realms to check 2FA? What would be the correct code to add 2, 3, etc. realms?
Hey, that is a good point. In the current implementation you can only define one realm per provider. The API endpoints (e.g. /validate/triggerchallenge) don't support multiple realms (documentation). Maybe @cornelinux can help to clarify this 😄
But this or a similar feature will come in one of the next provider versions (~1.4). My plan is to take the user domain information (Domain/User or User@Domain.TLD) and map these as the realm name. This requires that a 1:1 mapping from domain name to realm name exists. This feature will become configurable in the config.xml.
See #24 for more information - it is possible to define multiple LDAP endpoints in one realm.
To differentiate realms, there are different possibilities:
A) Have the application (or the user) choose the realm
The application (the ADFS provider) passes the realm in the request. Either by configuration (from config.xml - but then you only can have one realm) or by having the user choose a realm.
The user could choose a realm from an additional dropdown box or the user could login as "user@realm".
Then the request sent would either contain:
user=user
realm=realm
or
user= user@realm
B) Have privacyIDEA choose the realm
Based on policies and certain conditions privacyIDEA can overwrite the realm from the request.
e.g. using the policy "setrealm".
However, in all cases privacyIDEA will search for the user only in one realm.
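The domain-to-realm mapping and the `user` / `realm` request form discussed in this thread, as an added example that is not code from the ADFS provider or from privacyIDEA. The mapping table, realm names and function names are hypothetical; the point shown is that an unmapped or ambiguous login name is rejected instead of falling back to a default realm.

```python
import re

# Constructed sample mapping from domain name to realm name (assumption).
# Both spellings of one domain (short name and DNS name) point to one realm.
DOMAIN_TO_REALM = {
    "corp": "realm_corp",
    "corp.example.com": "realm_corp",
    "partner.example.org": "realm_partner",
}

# Conservative character set for user and domain parts (assumption).
_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


class RealmError(ValueError):
    """Raised when a login name cannot be mapped to exactly one realm."""


def split_login(login):
    """Return (user, domain) for 'DOMAIN\\user' or 'user@domain.tld'."""
    if login.count("\\") == 1 and "@" not in login:
        domain, user = login.split("\\")
    elif login.count("@") == 1 and "\\" not in login:
        user, domain = login.split("@")
    else:
        # No separator, several separators, or both styles mixed.
        raise RealmError("login must be DOMAIN\\user or user@domain")
    if not _NAME.fullmatch(user) or not _NAME.fullmatch(domain):
        raise RealmError("unexpected characters in login name")
    # Domain names are compared case-insensitively.
    return user, domain.lower()


def request_params(login, mapping=DOMAIN_TO_REALM):
    """Build the user/realm parameters for the validate request."""
    user, domain = split_login(login)
    realm = mapping.get(domain)
    if realm is None:
        # Fail closed: an unmapped domain must not reach a default realm.
        raise RealmError("no realm mapped for domain " + domain)
    return {"user": user, "realm": realm}
```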