When you choose federated authentication, Keycloak connects to the provider and caches user information.
In the Keycloak console, go to the User Federation menu.
Click Add provider… > LDAP.
See the official Keycloak documentation for full details about user storage federation.
If you migrate from an older Domino version, use your ldap.conf from the Domino front end to see what inputs to use for the provider settings.
Some of these inputs include:
ldap.conf name Keycloak user federation setting name
Review the LDAP mapper associated with your provider. You must make sure that there are LDAP mappers for the following attributes:
For more details, read the official Keycloak documentation on LDAP mappers.
You can synchronize Domino administrative user roles and organization membership with attributes in your SAML identity provider. Use this to externalize management of these roles and memberships to the identity provider. Note that Keycloak user attributes cannot be set directly from LDAP group memberships; there must be corresponding attributes in LDAP that a mapper can read.
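The provider and mapper settings described above can also be expressed as Keycloak Admin REST API "component" payloads, which is useful when you want to review a configuration before enabling it. The following is an added example, not Domino's or Keycloak's own code: it builds the component bodies Keycloak accepts at POST /admin/realms/{realm}/components for an LDAP user-storage provider and for user-attribute LDAP mappers, then runs a small review that flags a plaintext connection, an empty bind credential, a writable edit mode, and any Keycloak user attribute (such as the role or organization attributes mentioned above) that no mapper supplies. The host names, DNs, and the attribute names `domino_roles` and `domino_orgs` are constructed placeholders; the review rules are my own choices, not a Keycloak or Domino requirement.

```python
"""Build and review Keycloak LDAP user-federation payloads (added example).

The dict shapes follow the Keycloak Admin REST API component representation.
Every config value is a one-element list, which is how Keycloak stores
component config. All server names, DNs and attribute names are placeholders.
"""
import json

LDAP_PROVIDER_TYPE = "org.keycloak.storage.UserStorageProvider"
LDAP_MAPPER_TYPE = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"


def ldap_provider_component(name, realm_id, connection_url, users_dn, bind_dn,
                            bind_credential, username_attr="uid",
                            edit_mode="READ_ONLY"):
    """Return the component body for an LDAP user-federation provider."""
    return {
        "name": name,
        "providerId": "ldap",
        "providerType": LDAP_PROVIDER_TYPE,
        "parentId": realm_id,
        "config": {
            "enabled": ["true"],
            "vendor": ["other"],
            "connectionUrl": [connection_url],
            "usersDn": [users_dn],
            "authType": ["simple"],
            "bindDn": [bind_dn],
            "bindCredential": [bind_credential],
            "editMode": [edit_mode],
            "usernameLDAPAttribute": [username_attr],
            "rdnLDAPAttribute": [username_attr],
            "uuidLDAPAttribute": ["entryUUID"],
            "userObjectClasses": ["inetOrgPerson, organizationalPerson"],
            "importEnabled": ["true"],
            "syncRegistrations": ["false"],
        },
    }


def user_attribute_mapper(name, provider_id, ldap_attribute, user_model_attribute,
                          read_only=True):
    """Return a user-attribute LDAP mapper that copies one LDAP attribute onto
    the Keycloak user model. Read-only by default so Keycloak never writes it."""
    return {
        "name": name,
        "providerId": "user-attribute-ldap-mapper",
        "providerType": LDAP_MAPPER_TYPE,
        "parentId": provider_id,
        "config": {
            "ldap.attribute": [ldap_attribute],
            "user.model.attribute": [user_model_attribute],
            "read.only": [str(read_only).lower()],
            "always.read.value.from.ldap": ["true"],
            "is.mandatory.in.ldap": ["false"],
        },
    }


def review_federation(provider, mappers, required_user_attributes):
    """Return a list of findings to fix before enabling the provider.

    The rules are this example's own: TLS on the wire, a real bind identity,
    read-only edit mode, and a mapper for every attribute Domino needs.
    """
    cfg = provider["config"]
    findings = []
    url = cfg["connectionUrl"][0]
    start_tls = cfg.get("startTls", ["false"])[0] == "true"
    if not url.lower().startswith("ldaps://") and not start_tls:
        findings.append("connection is plaintext: use ldaps:// or enable StartTLS")
    if not cfg["bindDn"][0] or not cfg["bindCredential"][0]:
        findings.append("bind DN or credential empty: anonymous bind would be used")
    if cfg["editMode"][0] != "READ_ONLY":
        findings.append("editMode is %s: Keycloak can write back to LDAP" % cfg["editMode"][0])
    mapped = {m["config"]["user.model.attribute"][0] for m in mappers
              if m["providerId"] == "user-attribute-ldap-mapper"}
    for attr in required_user_attributes:
        if attr not in mapped:
            findings.append("no LDAP mapper provides user attribute %r" % attr)
    return findings


def example_setup():
    """Constructed provider plus mappers, including the placeholder role and
    organization attributes that LDAP must carry as real attributes."""
    provider = ldap_provider_component(
        "domino-ldap", "realm-id-placeholder",
        "ldaps://ldap.example.internal:636",
        "ou=people,dc=example,dc=internal",
        "cn=keycloak-bind,ou=service,dc=example,dc=internal", "bind-secret-placeholder")
    mappers = [
        user_attribute_mapper("email", "provider-id-placeholder", "mail", "email"),
        user_attribute_mapper("roles", "provider-id-placeholder", "domino_roles", "domino_roles"),
        user_attribute_mapper("orgs", "provider-id-placeholder", "domino_orgs", "domino_orgs"),
    ]
    return provider, mappers


if __name__ == "__main__":
    prov, maps = example_setup()
    print(json.dumps(prov, indent=2))
    print("findings:", review_federation(prov, maps, ["email", "domino_roles", "domino_orgs"]))
```

Run it to print the provider body and an empty findings list; swap the URL for `ldap://` or drop the bind credential and the review reports each problem, which is the check worth doing before pointing Keycloak at a production directory.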