Page History

...

Users can always update their password (temporary or not) in the Account console for the Studio realm at http://<domain:port>/Keycloak/realms/<realm>/account, or http://localhost:150/Keycloak/realms/BlueriqStudio15/account in a typical installation.

User Federation: NTLM/LDAP

It is possible to link Keycloak to an Active Directory using User Federation. This will allow users to sign in using their AD credentials. To set this up:

...

Select which credentials Keycloak will use to query the AD, for example as CN=Keycloak,CN=Services,DC=company,DC=com.

Test authentication to ensure the configuration works.

User Federation: Kerberos

It is possible to link Keycloak to an Active Directory with the Kerberos protocol using User Federation. This will allow users to sign in using their AD credentials. To set this up:

Select User Federation from the navigation panel. From the Add provider drop-down, select kerberos.

Image Added

Enter the Kerberos Realm

Image Added

Enter the principal for the server 

Image Added

Enter the location of the keytab file containing credentials of the given principal.

Image Added

Set Allow Password Authentication to On:

Image Added

Set Edit Mode to READ_ONLY

Image Added