[keycloak-user] Clarifications regarding advanced authentications (LDAP, Kerberos, SAML)

Michael Furman michael_furman at hotmail.com
Thu Nov 3 01:23:37 EDT 2016

One additional question regarding LDAP:
How can I provide an LDAP public key when I work over SSL (ldaps://<host>:636)?
Or does Keycloak trust any LDAP certificate?

From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Michael Furman <michael_furman at hotmail.com>
Sent: Thursday, November 3, 2016 7:08 AM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Clarifications regarding advanced authentications (LDAP, Kerberos, SAML)

Hi all,
I will be happy for clarifications regarding advanced authentications (LDAP, Kerberos, SAML).

  1.  Why is Kerberos "User Federation" but SAML is "Identity Provider"?
Both are SSO protocols (I do understand the difference between the protocols but it is seamless from the user's point of view).

What is the difference between User Federation and Identity Provider in Keycloak?
Will Keycloak import all users from the defined "User Federation" into the internal database?

  2.  How do I incorporate "User Federation" or "Identity Provider" into the authentication flow?
I see that I can add "Identity Provider Redirector" but how do I add "User Federation"?

  3.  Regarding LDAP: I have added LDAP User Federation.
The "Test connection" and the "Test authentication" pass successfully but I cannot authenticate LDAP users in the UI.
What have I missed?
Should I add LDAP to the authentication flow?

Thank you in advance for your help.
