Hello Vincent,

We use the LDAP provider, currently with allowKerberosAuthentication disabled.
This works very well with different Linux systems for SSO.

Best regards

Lars





On 2025-12-19 16:09, Jochen Kellner via FreeIPA-users wrote:
Hello Vincent,

Vincent Bartro via FreeIPA-users <[email protected]>
writes:

We are investigating the various options to create a federation between
Keycloak and FreeIPA, where FreeIPA is the central IdM.
There seem to be two major options for such a federation:
- have Keycloak talk LDAPS to FreeIPA
- have Keycloak talk Kerberos to FreeIPA

I could not find a clear and objective list of criteria to decide to pick
one option over the other.

I do use the LDAP provider and have enabled
allowKerberosAuthentication. That way you can get "all" LDAP attributes
and have the opportunity to do Kerberos SSO. Seems to work pretty well
here (small home lab).

Jochen

--
This space is intentionally left blank.