On Mon, Nov 08, 2021 at 09:45:39PM +0000, lejeczek via FreeIPA-users wrote: > Hi guys. > > I've only stumbled upon whole Keycloak thing thus go easy on me please. I > wonder if Keycload can be a "provider" to freeIPA in some way? > One such a scenario where I think Keycloak might be a golden egg - if it > worked that is - is as a "middle-man" for user base between(or from to) AD > and freeIPA when full & legit trust is not possible. Does that make sense? > > many thanks, L. > Hi L,
It does make sense, and IIRC it is being worked on. That is, authenticating to FreeIPA realm as "external identities" by way of SAML or OpenID Connect assertions. Adding Alexander, who may be able to comment further. Thanks, Fraser _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
