Hi,
I would like to avoid having users to add the realm to their username when accessing the selfservice portal. My idea was to have different domains for each tenant and identify the realms by the host header.
Is it possible to set a realm based on HTTP headers? I was fiddling around with conditions within policies since they looked promising.
Condition:
HTTP Request header
→ Host
→ equals
→ foo.mfa.example.org
Action:
{ "setrealm": "foo" }
But as far as I understood, policies are taking place once a user as been found. Is there another way to inject the proper realm externally, prior auth? I was also thinking abount having one realm with all resolver, but that might cause trouble once a username exists twice in different resolvers.
Thanks in advance