Linking Keycloak to Microsoft Active Directory and its Nuances

The goal: Keycloak authenticating application logins against Windows Active Directory over LDAPS (port 636), with the domain controller's certificate trusted explicitly rather than blindly.

Keycloak XML Settings for SSL

The truststore SPI in standalone.xml (WildFly-based Keycloak) tells Keycloak which Java keystore holds the certificates it may trust when it opens the LDAPS connection to the domain controller. Two properties need care. hostname-verification-policy=ANY accepts the domain controller's certificate whatever name is in it, which gives up the protection LDAPS provides against a spoofed DC on the path; use it only to get the connection working, then move to WILDCARD or STRICT. The property that switches the truststore on is named disabled (set to false), not enabled; an "enabled=false" property is simply ignored, which makes the rest of this block look like it works while hostname policy is not what you think.

<spi name="truststore">
    <provider name="file" enabled="true">
        <properties>
            <property name="file" value="/opt/jboss/keycloak/truststore.jks"/>
            <!-- keytool's default password; set your own and keep it out of version control -->
            <property name="password" value="changeit"/>
            <!-- ANY skips hostname checking; prefer WILDCARD or STRICT in production -->
            <property name="hostname-verification-policy" value="ANY"/>
            <property name="disabled" value="false"/>
        </properties>
    </provider>
</spi>

Exporting your Certificate to use

On the domain controller export the certificate that the LDAPS listener presents, or better the certificate of the enterprise CA that issued it, so that a renewed DC certificate does not break trust. Export it as Base-64 encoded X.509 (.cer) or DER; keytool reads either. Before importing, compare the fingerprint keytool prints with the one shown in the AD certificate console: that comparison is the only thing standing between you and trusting a certificate somebody else put on the wire.

Adding the AD Certificate to a Truststore for Keycloak

keytool -import -alias FQDN-OF-LDAP-SERVER -keystore /opt/jboss/keycloak/truststore.jks -file CERTIFICATE-FILE-EXPORTED

keytool creates the keystore if it does not exist, asks for a keystore password (the one you put in the SPI config) and prompts "Trust this certificate?" after printing the fingerprint.

Running Keycloak with the Truststore and SPI settings

Restart Keycloak after editing standalone.xml so the truststore SPI is loaded, and make sure the .jks file is readable by the user Keycloak runs as (jboss in the official container image). If the file or password is wrong the LDAPS connection fails with a certificate error at the "Test connection" step later, not at startup.
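The export-and-import step as an added example, not code from the article: a Python pre-flight that fetches the certificate the domain controller presents on 636, prints its SHA-256 fingerprint for comparison with the file exported from AD, imports it into the truststore non-interactively with keytool (the command above plus -noprompt and -storepass), and then completes a TLS handshake with hostname verification switched on, which is what hostname-verification-policy STRICT enforces and ANY skips. The hostname, paths and password are assumptions.

```python
"""Pre-flight for the Keycloak LDAPS truststore step.
Added example; DC_HOST, TRUSTSTORE and TRUSTSTORE_PASS are assumed values."""
import hashlib
import socket
import ssl
import subprocess
import tempfile

DC_HOST = "dc01.corp.example.com"                   # assumed FQDN; must appear in the cert's SAN
DC_PORT = 636
TRUSTSTORE = "/opt/jboss/keycloak/truststore.jks"   # path used in the article's SPI config
TRUSTSTORE_PASS = "changeit"                        # article's value; change it in production


def fetch_server_cert(host: str, port: int) -> str:
    """Return the PEM certificate the server presents. Deliberately no validation here:
    this is the thing we are about to trust, so it is checked out-of-band by fingerprint."""
    return ssl.get_server_certificate((host, port))


def sha256_fingerprint(pem: str) -> str:
    """Colon-separated SHA-256 fingerprint of the DER form, the format the Windows
    certificate console and 'openssl x509 -fingerprint -sha256' show."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def keytool_import_argv(cert_path: str, alias: str, keystore: str, password: str) -> list:
    """argv for a non-interactive keytool import: the article's command plus -noprompt
    and -storepass so it can run from a script after the fingerprint has been checked."""
    return ["keytool", "-importcert", "-noprompt", "-trustcacerts",
            "-alias", alias, "-file", cert_path,
            "-keystore", keystore, "-storepass", password]


def verify_ldaps(host: str, port: int, cafile: str) -> str:
    """Handshake with check_hostname=True, the behaviour of hostname-verification-policy
    STRICT. Raises ssl.SSLCertVerificationError when the chain or the name does not
    match, which is exactly what policy ANY would let through silently."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    # cafile may be the DC's leaf cert rather than its issuing CA; allow that anchor.
    ctx.verify_flags |= getattr(ssl, "VERIFY_X509_PARTIAL_CHAIN", 0)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    pem = fetch_server_cert(DC_HOST, DC_PORT)
    print("presented cert SHA-256:", sha256_fingerprint(pem))
    # Compare the fingerprint with the AD export before trusting it.
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as f:
        f.write(pem)
        cert_path = f.name
    subprocess.run(keytool_import_argv(cert_path, DC_HOST, TRUSTSTORE, TRUSTSTORE_PASS), check=True)
    print("LDAPS handshake verified with hostname check:", verify_ldaps(DC_HOST, DC_PORT, cert_path))
```

If verify_ldaps fails with a hostname mismatch while Keycloak with policy ANY connects happily, the DC certificate does not carry the FQDN you are connecting to; fix the certificate (or connect to the name it does carry) instead of keeping ANY.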

Creating the Domain User in Microsoft AD

Create a dedicated service account for Keycloak's bind: an ordinary domain user with read access to the users and groups Keycloak needs, no interactive logon, and a strong password. Do not reuse an administrator account; the bind credential sits in Keycloak's database and in every backup of it. The dsquery command below does not create the user, it confirms the account exists and prints its distinguished name, which is the Bind DN you will enter in Keycloak.

dsquery user -name svcopenrmfprouser*

User Federation in Keycloak with LDAP settings

User Federation using LDAPS with Windows AD: in the realm's User Federation page add an ldap provider with Vendor set to Active Directory, Connection URL ldaps://FQDN-OF-LDAP-SERVER:636 (the same FQDN used as the keytool alias and present in the certificate), Use Truststore SPI set to "Only for ldaps" (or "Always"), Bind Type simple, Bind DN set to the service account's distinguished name from dsquery, its password as Bind Credential, Users DN pointing at the container holding your users, and Edit Mode READ_ONLY, since application login does not require Keycloak to write to AD. For AD the username attribute is sAMAccountName, the RDN attribute cn and the UUID attribute objectGUID.

Syncing the User Federation settings

Save, then use "Test connection" and "Test authentication". Test connection is where an untrusted or mis-named certificate shows up; test authentication is where a wrong Bind DN or password shows up. Only then run "Synchronize all users" and set the periodic full and changed-user sync so removed or disabled AD accounts stop being able to log in.
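The federation and sync settings above as an added example, not the article's or Keycloak's own code: a Python script that builds the LDAP user-federation component for Active Directory over LDAPS in the shape the Keycloak admin REST API (WildFly-era, /auth prefix) expects, audits it for the settings that weaken TLS or over-privilege the bind account, and can POST it to the admin API. The Keycloak URL, realm, hostnames and DNs are assumptions.

```python
"""Keycloak AD-over-LDAPS federation component: build, audit, create.
Added example; KEYCLOAK_URL, REALM and the DNs in main() are assumed values."""
import json
import urllib.request

KEYCLOAK_URL = "https://sso.example.com/auth"   # assumed; legacy distribution keeps the /auth prefix
REALM = "openrmf"                               # assumed realm name


def build_ad_federation(dc_fqdn, base_dn, bind_dn, bind_password, name="AD LDAPS"):
    """Component payload mirroring the User Federation > ldap form. Each config value
    is a one-element list because Keycloak stores component config as multivalued."""
    cfg = {
        "enabled": "true",
        "vendor": "ad",
        "connectionUrl": f"ldaps://{dc_fqdn}:636",
        "useTruststoreSpi": "ldapsOnly",          # use the JKS from the truststore SPI
        "startTls": "false",                      # not needed when already on 636
        "authType": "simple",
        "bindDn": bind_dn,
        "bindCredential": bind_password,
        "usersDn": f"CN=Users,{base_dn}",
        "usernameLDAPAttribute": "sAMAccountName",
        "rdnLDAPAttribute": "cn",
        "uuidLDAPAttribute": "objectGUID",
        "userObjectClasses": "person, organizationalPerson, user",
        "editMode": "READ_ONLY",                  # login never needs writes to AD
        "importEnabled": "true",
        "syncRegistrations": "false",
        "pagination": "true",
        "batchSizeForSync": "1000",
        "fullSyncPeriod": "86400",                # daily full sync (seconds)
        "changedSyncPeriod": "900",               # pick up changed users every 15 min
        "connectionTimeout": "5000",
        "readTimeout": "10000",
    }
    return {
        "name": name,
        "providerId": "ldap",
        "providerType": "org.keycloak.storage.UserStorageProvider",
        "config": {k: [v] for k, v in cfg.items()},
    }


def audit_federation(component):
    """Findings a security reviewer would raise against the component config."""
    c = {k: v[0] for k, v in component["config"].items()}
    findings = []
    url = c.get("connectionUrl", "")
    if url.startswith("ldap://") and c.get("startTls") != "true":
        findings.append("plaintext LDAP: bind password and user data cross the wire unencrypted")
    if url.startswith("ldaps://") and c.get("useTruststoreSpi") == "never":
        findings.append("useTruststoreSpi=never: the truststore imported for the DC is not used")
    if c.get("editMode") != "READ_ONLY":
        findings.append(f"editMode={c.get('editMode')}: Keycloak may modify AD objects; READ_ONLY suffices for login")
    bind = c.get("bindDn", "").lower()
    if "cn=administrator," in bind or "cn=domain admins," in bind:
        findings.append("bindDn is a high-privilege account; bind with a dedicated read-only service account")
    if c.get("authType") == "none":
        findings.append("authType=none: anonymous bind, AD will refuse user lookups")
    return findings


def create_component(token, component):
    """POST the component to the admin API; returns the HTTP status (201 on success).
    token is an admin access token obtained from the realm's token endpoint."""
    req = urllib.request.Request(
        f"{KEYCLOAK_URL}/admin/realms/{REALM}/components",
        data=json.dumps(component).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    comp = build_ad_federation(
        "dc01.corp.example.com", "DC=corp,DC=example,DC=com",
        "CN=svcopenrmfprouser,CN=Users,DC=corp,DC=example,DC=com", "REPLACE-ME")
    for finding in audit_federation(comp):
        print("WARN:", finding)
    print(json.dumps(comp, indent=2))   # paste-ready, or pass to create_component()
```

Running the audit against a config that still uses ldap://:389, WRITABLE edit mode or the Administrator account as bind user lists each of those before anything is created, which is cheaper than discovering them in a pentest report.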

Final Steps to Setup User Roles/Groups/Permissions

With users importing, add a group-ldap-mapper (or role-ldap-mapper) on the federation provider so AD group membership flows into Keycloak groups, then attach client roles to those groups. Permissions then follow AD membership and are revoked on the next sync when someone leaves a group, instead of depending on per-user assignments in Keycloak.

Wrapping it all Up
