Since version 3.61.0 for SSO and User Tokens, it is enough to have following realms in the order listed:
- "Local Authenticating Realm" - built-in realm used by default.
- "SSO Pac4j Realm" - single sign-on realm uses an external Identity Provider (IdP).
- "SSO Token Realm" - realm allows you to use user tokens instead of a password.
- "Docker Bearer Token Realm" - required to access Docker repositories through a Docker client (must be below the "SSO Token Realm").
Other realms are not required and may lead to conflicts.