[keycloak-user] Keycloak > FreeIPA 2FA integration
Jochen Hein
jochen at jochen.org
Mon Sep 17 11:52:24 EDT 2018
Callum Smith <callum at well.ox.ac.uk> writes:
> Keycloak and FreeIPA have separate integrations of 2FA, though very
> different obviously store keys in a different database. I was
> wondering whether you can configure Keycloak to authenticate against
> FreeIPA using the recommended SSSD method and also use the OTP/2FA as
> configured in FreeIPA on the backend?
>
> https://www.keycloak.org/docs/3.0/server_admin/topics/user-federation/sssd.html
Yes, that works fine for password+OTP authentication. I couldn't get
Kerberos authentication with password+OTP going in keycloak, but
logging in with a kerberos ticket works fine.
Jochen
--
This space is intentionally left blank.
More information about the keycloak-user
mailing list