Hello Vincent, Vincent Bartro via FreeIPA-users <[email protected]> writes:
> we are investigating the various options to create a federation between > keycloak and freeIPA, where freeIPA is the central IdM. > There seems to be two major options for such a federation : > - have keycloak talk LDAPS to freeIPA > - have keycloak talk Kerberos to freeIPA > > I could not find a clear and objective list of criteria to decide to pick > one option over the other I do use the LDAP provider and have enabled allowKerberosAuthentication. That way you can get "all" ldap attributes and have the opportunity to do kerberos SSO. Seems to work pretty well here (small home lab). Jochen -- This space is intentionally left blank. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
