Re: [keycloak-user] Keycloak > FreeIPA 2FA integration
Callum Smith <callum(a)well.ox.ac.uk> writes:
Keycloak and FreeIPA have separate integrations of 2FA, though very
different obviously store keys in a different database. I was
wondering whether you can configure Keycloak to authenticate against
FreeIPA using the recommended SSSD method and also use the OTP/2FA as
configured in FreeIPA on the backend?
https://www.keycloak.org/docs/3.0/server_admin/topics/user-federation/sss...
Yes, that works fine for password+OTP authentication. I couldn't get
Kerberos authentication with password+OTP going in keycloak, but
logging in with a kerberos ticket works fine.
Jochen
--
This space is intentionally left blank.