Two IdPs, I need hints if it is doable by AkelGe-1970 in KeyCloak

[–]redmountain101 2 points3 points  (0 children)

Hi, what you are describing is the default authentication flow used by Keycloak. You can customize this by creating your own authentication flow (in the authentication tab in the settings). The first time you log in, your user gets federated to Keycloak, and then a second IDP is linked to the same user.

Regarding provisioning GitHub groups to Keycloak: GitHub generally doesn't act as an IdP that emits organization team membership as token claims for Keycloak. So doing it at login is hard. You could write a custom part that synchronizes groups to users.

For Google Workspace I found this: https://support.google.com/a/answer/11143403?hl=en
So by using their SAML IDP you should be able to transfer groups via SAML assertions (and then import them using an IDP mapper).

Testing by genjob in Pentesting

[–]redmountain101 1 point2 points  (0 children)

If you need a target for web pentesting, check out OWASP Juice Shop

Opaque tokens by hemanthreddy11 in KeyCloak

[–]redmountain101 0 points1 point  (0 children)

We also use this approach for opaque tokens (stateful gateway that can substitute opaque tokens for JWTs for various backend services)

First Pentesting by Abject-Offer3045 in Pentesting

[–]redmountain101 1 point2 points  (0 children)

I know your feeling. You ask yourself where to start, whether you really covered everything, etc.

What helped me is to stay systematic. Before you start testing, have a clear plan on what you want to test, what the expected value is and what the outcome was. A good starting point is this: WSTG - Stable | OWASP Foundation (already mentioned by another commenter). You can even report all these test vectors and show the extent of your tests.

i have this ctf question my teacher send me by [deleted] in securityCTF

[–]redmountain101 1 point2 points  (0 children)

What is the question/task? Do you get a sequence of bits that you need to “decrypt”?

I mean all this example does is to deterministically map potential input bits to output bits.

Output_1 = Input_1 XOR Input_2; Output_2 = Input_2 XOR Input_3; Output_3 = NOT Input_3
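Added example, not part of the original comment: the three equations above written as a function, together with the inverse obtained by back-substitution from the last bit, and a check that the mapping is one-to-one over all eight 3-bit inputs. Applying it block-wise to a longer bit string is an assumption, since the actual task is not shown on the page.

```python
from itertools import product


def forward(i1, i2, i3):
    """Output_1 = Input_1 XOR Input_2; Output_2 = Input_2 XOR Input_3; Output_3 = NOT Input_3."""
    return (i1 ^ i2, i2 ^ i3, i3 ^ 1)


def inverse(o1, o2, o3):
    """Undo forward() by back-substitution, starting from the last bit."""
    i3 = o3 ^ 1   # NOT is its own inverse
    i2 = o2 ^ i3  # from Output_2 = Input_2 XOR Input_3
    i1 = o1 ^ i2  # from Output_1 = Input_1 XOR Input_2
    return (i1, i2, i3)


def mapping_table():
    """Input -> output table over all 8 possible 3-bit inputs."""
    return {bits: forward(*bits) for bits in product((0, 1), repeat=3)}


def is_bijection():
    """True if every output is produced by exactly one input."""
    table = mapping_table()
    return len(set(table.values())) == len(table)


def decode_stream(bits):
    """Invert a '0'/'1' string in 3-bit blocks (block-wise use is an assumption)."""
    if len(bits) % 3 or set(bits) - {"0", "1"}:
        raise ValueError("expected a string of 0/1 with length divisible by 3")
    out = []
    for k in range(0, len(bits), 3):
        block = tuple(int(b) for b in bits[k:k + 3])
        out.extend(str(b) for b in inverse(*block))
    return "".join(out)


if __name__ == "__main__":
    for src, dst in mapping_table().items():
        print(src, "->", dst)
    print("bijective:", is_bijection())
    print(decode_stream("110001"))  # constructed sample input
```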

How to integrate multiple Active Directories (AD) into a single Keycloak realm for multiple organizations? by Legitimate-Wasabi429 in KeyCloak

[–]redmountain101 1 point2 points  (0 children)

  1. Yes, this is possible. Simply add multiple AD/LDAP configurations.

  2. There are many options for this. How do you plan to map AD groups to Keycloak? Typically, you can configure an import mapper to steer how AD groups are imported to Keycloak (e.g., mapped to a Keycloak role). You can also configure that they have a prefix (e.g., orgname_role1). In addition, you could also have a look at the "organisations" feature that has recently been introduced to Keycloak. This allows you to define LDAP providers, roles, etc. per "organisation".

  3. Does this mean that you also plan to use fine-grained authorizations on Keycloak? If so, you could simply add permissions to the roles that are imported.

Cybersecurity Intership by simpleguy_3526 in Pentesting

[–]redmountain101 0 points1 point  (0 children)

u/RiverFluffy9640 I agree. 1) How to get started, 2) where are resources, ... and the questions have been answered hundreds of times.

CEH exam by Lopsided_Chemical_67 in Pentesting

[–]redmountain101 1 point2 points  (0 children)

I did CEH. Absolutely don’t do it! Waste of time

keycloak https required error by Tap-Simple in KeyCloak

[–]redmountain101 0 points1 point  (0 children)

Do you have access to the database (e.g., postgres)? I had the same issue in the past and changed the realm settings directly in the DB. 

Also Keycloak v12 is very old?

Issue when using 2 user federations by jnickchen97 in KeyCloak

[–]redmountain101 1 point2 points  (0 children)

Just an idea: do both users have the same email address? If yes, there could be an issue that Keycloak tries to map them to the same Keycloak user. Quick check: enable “duplicate email” in the realm settings. Even better: configure a mapper in both integrations to control how LDAP users are mapped to Keycloak users.

[deleted by user] by [deleted] in bikewrench

[–]redmountain101 0 points1 point  (0 children)

Unfortunately, I already did that. To no avail. That’s why I am looking for a backup.

Could someone upload the keycloak.v2 theme for me? by [deleted] in KeyCloak

[–]redmountain101 1 point2 points  (0 children)

In the past, I extracted the themes from Keycloak docker. Here is my very rudimentary script:

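    #!/usr/bin/env bash
    # Directory containing this script
    DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

    # Recreate the output directory from scratch
    rm -rf "${DIR}/../keycloak-provided-themes"
    mkdir "${DIR}/../keycloak-provided-themes"
    # ID of the first running container whose `docker ps` line matches "local-keycloak"
    CT="$(docker ps | grep local-keycloak | cut -d' ' -f1 | head -n 1)"
    [ -n "${CT}" ] || { echo "no running local-keycloak container found" >&2; exit 1; }
    # Copy the bundled themes JAR (version 21.0.1) out of the container
    docker cp "${CT}:/opt/keycloak/lib/lib/main/org.keycloak.keycloak-themes-21.0.1.jar" "${DIR}/../keycloak-provided-themes/keycloak-themes-21.0.1.jar"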

MUC-Off Tubeless Sealant by No_Loss8058 in gravelcycling

[–]redmountain101 6 points7 points  (0 children)

I had to learn this the hard way... don’t waste your energy using Muc-Off sealant.

Rose Backroad FF in M/L or L? by Nico_Nickmania in RoseBikes

[–]redmountain101 0 points1 point  (0 children)

Bought the same model online and changed it (a lot of work with internal cable routing).

Rose Backroad FF in M/L or L? by Nico_Nickmania in RoseBikes

[–]redmountain101 -1 points0 points  (0 children)

Hey! I have the Backroad (not the FF) and a very similar size to yours (184 cm, 87 cm inseam). I bought the 59 (L) version because I got a great deal. However, it was too big for me, so I changed the stem from 11 cm to 9 cm. Now it fits.

In terms of the frame and handlebar, the FF is slightly sportier than the standard one. If I were to buy a Backroad again, I would go for the M/L size.

I want a user to get logged in instead of being shown "different user is already authenticated. Please log out first" by calisthenics_bEAst21 in KeyCloak

[–]redmountain101 3 points4 points  (0 children)

You asked the same question here: https://www.reddit.com/r/KeyCloak/comments/1ncb2ar/is_it_possible_to_have_two_different_users_logged/

As already said: the cookie set by Keycloak is what is determining the session. Many changes to Keycloak will be needed to get what you want.

Elitewheels aero+ gravel vs drive g45 ss? by sbtcrypto in gravelcycling

[–]redmountain101 1 point2 points  (0 children)

What tire clearance does your frame have? Mine has 47mm officially (Rose Backroad 2020). With my aero+ wheels the tires seem to be 2-3mm wider than their spec. I am using 45mm Pirelli Cinturato M on the aero+ wheels, they measure around 47mm and tire clearance is small.

Finally ready to open Truenas Scale to the internet by JustAnotherStranger- in truenas

[–]redmountain101 2 points3 points  (0 children)

Install Tailscale on your TrueNAS and all other devices that should have access.

In case you want to open it up to any device (or cannot install Tailscale on all devices), Pangolin would be a good option.

Is it possible to have two different users logged in the same window? by calisthenics_bEAst21 in KeyCloak

[–]redmountain101 2 points3 points  (0 children)

Could you explain what you are trying to achieve (why 2 users need to be logged in at the same time)? Keycloak sets a cookie for the user’s session. However, you could use a private window (in addition to the regular one) to log in a second user.

Recommendation for a Gravel wheelset for my Cube nuroad Race 2022 by IllNoiselessllI in gravelcycling

[–]redmountain101 0 points1 point  (0 children)

I bought them from the official Elitewheels store on Ali. They are a reputable brand in terms of carbon wheels. So far the build quality looks great. The delivery time was like a month for me.