Integration of Keycloak with an LDAPS server
Summary
The Keycloak server can currently be integrated with an external LDAP server for user federation. This issue asks to support user federation with LDAPS.
related references
Details
The Keycloak deployment does not provide a way to specify the CA certificate of the remote LDAP server and inject it into a truststore that Keycloak uses to verify the LDAP server certificate.
The Keycloak additionalOptions spi-truststore-file-file (truststore file path), spi-truststore-file-password (other than the default password) and spi-truststore-file-hostname-verification-policy (set to ANY) can be used to define the truststore to be used for the certificate verification.
An additional volume must be mounted on Keycloak to store the truststore.
Edited by Alain Thioliere
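
The truststore-related fields of a Keycloak operator custom resource, as an added example that is not part of the original issue or of the project's own manifests. It assumes the deployment uses the Keycloak operator's `Keycloak` resource; the resource name, Secret names and mount path are hypothetical.

```yaml
# Added example; resource names, Secret names and the mount path are assumptions.
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: keycloak                          # hypothetical
spec:
  additionalOptions:
    # Path of the truststore inside the container (matches the volume mount below).
    - name: spi-truststore-file-file
      value: /opt/keycloak/truststore/truststore.jks
    # Read the truststore password from a Secret rather than writing it inline.
    - name: spi-truststore-file-password
      secret:
        name: ldaps-truststore-password   # hypothetical Secret
        key: password
    # ANY (the value named in the issue) skips the hostname check entirely.
    # WILDCARD or STRICT also match the LDAP server name against its certificate.
    - name: spi-truststore-file-hostname-verification-policy
      value: WILDCARD
  unsupported:
    podTemplate:
      spec:
        containers:
          - volumeMounts:
              - name: ldaps-truststore
                mountPath: /opt/keycloak/truststore
                readOnly: true
        volumes:
          - name: ldaps-truststore
            secret:
              secretName: ldaps-truststore   # hypothetical Secret holding truststore.jks
```

With ANY, the certificate chain is still validated against the truststore, but a certificate issued for a different host by the same CA is accepted.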