[keycloak-user] Clarifications regarding advanced authentications (LDAP, Kerberos, SAML)

Michael Furman michael_furman at hotmail.com
Thu Nov 3 01:08:23 EDT 2016

Hi all,
I would be happy to get clarifications regarding advanced authentications (LDAP, Kerberos, SAML).

  1.  Why is Kerberos "User Federation" but SAML is "Identity Provider"?
Both are SSO protocols (I do understand the difference between the protocols, but it is seamless from the user's point of view).

What is the difference between User Federation and Identity Provider in Keycloak?
Will Keycloak import all users defined in "User Federation" into the internal database?

  2.  How do I incorporate "User Federation" or "Identity Provider" into the authentication flow?
I see that I can add "Identity Provider Redirector" but how do I add "User Federation"?

  3.  Regarding LDAP: I have added LDAP User Federation.
The "Test connection" and the "Test authentication" pass successfully but I cannot authenticate LDAP users in the UI.
What have I missed?
Should I add LDAP to the authentication flow?

Thank you in advance for your help.

