[keycloak-user] Keycloak > FreeIPA 2FA integration
Callum Smith
callum at well.ox.ac.uk
Tue Sep 18 03:30:40 EDT 2018
I’m confused by your response, does it work fine with the OTP as defined in FreeIPA? I’m not expecting users to re-configure their OTP codes for Keycloak once they’ve already configured them in FreeIPA.
Regards,
Callum
--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum at well.ox.ac.uk<mailto:callum at well.ox.ac.uk>
On 17 Sep 2018, at 16:52, Jochen Hein <jochen at jochen.org<mailto:jochen at jochen.org>> wrote:
Callum Smith <callum at well.ox.ac.uk<mailto:callum at well.ox.ac.uk>> writes:
Keycloak and FreeIPA have separate integrations of 2FA, though very
different obviously store keys in a different database. I was
wondering whether you can configure Keycloak to authenticate against
FreeIPA using the recommended SSSD method and also use the OTP/2FA as
configured in FreeIPA on the backend?
https://www.keycloak.org/docs/3.0/server_admin/topics/user-federation/sssd.html
Yes, that works fine for password+OTP authentication. I couldn't get
Kerberos authentication with password+OTP going in keycloak, but
logging in with a kerberos ticket works fine.
Jochen
--
This space is intentionally left blank.
More information about the keycloak-user
mailing list