Re: [keycloak-user] Clarifications regarding advanced authentications (LDAP, Kerberos, SAML)

One additional question regarding LDAP: How can I provide an LDAP public key when I work over SSL (ldaps://<host>:636)? Or Keycloak trusts any LDAP certificate? ________________________________ From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; on behalf of Michael Furman <michael_furman(a)hotmail.com&gt; Sent: Thursday, November 3, 2016 7:08 AM To: keycloak-user(a)lists.jboss.org Subject: [keycloak-user] Clarifications regarding advanced authentications (LDAP, Kerberos, SAML) Hi all, I will happy for clarifications regarding advanced authentications (LDAP, Kerberos, SAML). 1. Why Kerberos is "User Federation" but SAML is "Identity Provider"? Both are SSO protocols (I do understand difference between protocols but it is seamless from the user point of view). What is the difference between User Federation and Identity Provider in Keycloak? Will Keycloak import all users from the defined in "User Federation" into internal database? 2. How I incorporate "User Federation" or "Identity Provider" into the authentication flow? I see that I can add "Identity Provider Redirector" but how I add "User Federation"? 3. Regarding LDAP: I have added LDAP User Federation. The "Test connection" and the "Test authentication" pass successfully but I can not authenticate LDAP users in UI. What I have missed? Should I add LDAP to the authentication flow? Thank you in advance for your help. Michael _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user keycloak-user Info Page - JBoss Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user> lists.jboss.org To see the collection of prior postings to the list, visit the keycloak-user Archives. Using keycloak-user: To post a message to all the list members ...