It is possible to link Keycloak to an Active Directory with the Kerberos protocol using User Federation. This will allow users to sign in using their AD credentials. To set this up:

  1. Select User Federation from the navigation panel and then select "Add Kerberos providers".
  2. Choose a UI display name
  3. Enter the Kerberos Realm
  4. Enter the principal for the server
  5. Enter the location of the keytab file containing credentials of the given principal
  6. Set Allow Password Authentication to On
  7. Set Edit Mode to READ_ONLY
  8. To test it, an AD user can try to sign in to the Account console for the Studio realm at http://<domain:port>/Keycloak/realms/<realm>/account
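
A pre-flight check for the Kerberos realm, server principal and keytab location entered above can be run on the Keycloak host before the provider is saved. This is an added example, not part of the original page or of Keycloak: the function names, `EXAMPLE.COM` and the host name are hypothetical, the principal is assumed to use the usual `service/host@REALM` form, and the sample keytab is a constructed header-only file.

```python
import os
import re
import stat
import tempfile

KEYTAB_MAGIC = b"\x05\x02"  # first two bytes of a version 2 keytab file

def preflight(realm, principal, keytab_path):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    if realm != realm.upper():  # realm names are case-sensitive, AD uses upper case
        findings.append("realm is not upper case")
    m = re.fullmatch(r"([^/@\s]+)/([^/@\s]+)@([^/@\s]+)", principal)
    if not m:
        findings.append("principal is not of the form service/host@REALM")
    elif m.group(3) != realm:
        findings.append("principal realm differs from Kerberos realm")
    try:
        st = os.stat(keytab_path)
    except OSError:
        return findings + ["keytab file not found"]
    if not stat.S_ISREG(st.st_mode):
        return findings + ["keytab path is not a regular file"]
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):  # POSIX permission bits
        findings.append("keytab is accessible to group or others")
    with open(keytab_path, "rb") as fh:
        if fh.read(2) != KEYTAB_MAGIC:
            findings.append("file does not start with the keytab header")
    return findings

def make_sample_keytab(mode, content=KEYTAB_MAGIC):
    """Write a constructed placeholder file (header only, no keys) for the demo."""
    fd, path = tempfile.mkstemp(suffix=".keytab")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    principal = "HTTP/keycloak.example.com@EXAMPLE.COM"  # assumed sample value
    good = make_sample_keytab(0o600)
    print(preflight("EXAMPLE.COM", principal, good))
    loose = make_sample_keytab(0o644)
    print(preflight("example.com", principal, loose))
```

The keytab holds the server principal's long-term key, so it should be readable only by the account that runs Keycloak.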