I am looking to use KeyCloak backed by an AD server.
Can I check a few things that I understand are correct.
1) Using the User Federation SPI I import the following from
ActiveDirectory into the KeyCloak database : first name, surname, email,
username and password.
2) Password checks are made against the Keycloak database and not the
3) Enabling kerberos authentication will allow me to do paswordless login
using my web browser from my windows box
Hope I am not to far from the mark