Keycloak User Federation using LDAP over SSL
To configure it, use gv-essentials with gv-essentials: 4.5.51 as the minimum version, and with the Keycloak settings enabled as shown below.
Enable Keycloak for LDAP over SSL (disabled by default):
After enabling LDAP over SSL in Keycloak, you need to provide the truststore password and the base64 value of the JKS truststore file.
Creation of rootCA.jks File:
The customer needs to create a truststore file that will contain the certificate for LDAPS. For this, the customer must have Java installed, since it provides the keytool utility used below.
Create JKS Truststore File:
Create a JKS truststore file (name it rootCA.jks) and add the certificate to it. Protect it with a password. Use your own password and ensure that you use the appropriate certificate for the LDAP connection. The example below demonstrates how to use your certificate (ca.crt) and your password (STR0ngPA55):
keytool -importcert -file ca.crt -keystore rootCA.jks -alias rootCA -storepass STR0ngPA55 -noprompt
Encode the Truststore File with Base64:
Encode the rootCA.jks file with base64:
base64 -w 0 rootCA.jks
Provide Base64 and Password:
The customer needs to provide the base64-encoded rootCA.jks file and the password for the truststore.
These details are installed into Kubernetes through gv-essentials, as shown in the image above.
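A pre-flight check for the two values handed over in the last step, as an added example that is not part of the original page or of gv-essentials: it decodes the base64 string, confirms the store is in JKS format, verifies the password against the store's integrity hash, and lists the certificate aliases. The function names and the sample store are constructed for illustration; rejecting private-key entries is a choice made here, on the assumption that a truststore should hold only certificates.

```python
import base64
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # constant the JKS format mixes into its integrity hash


def _digest(password: str, body: bytes) -> bytes:
    # JKS integrity value: SHA-1(password as UTF-16BE + SALT + store body)
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def check_truststore(b64_value: str, password: str) -> list:
    """Return the trusted-certificate aliases, or raise ValueError."""
    raw = base64.b64decode(b64_value, validate=True)  # rejects line-wrapped input
    if len(raw) < 32 or struct.unpack(">I", raw[:4])[0] != JKS_MAGIC:
        raise ValueError("not JKS format (Java 9+ keytool writes PKCS12 by default)")
    body, stored = raw[:-20], raw[-20:]
    if _digest(password, body) != stored:
        raise ValueError("wrong password or corrupted truststore")
    version, count = struct.unpack(">II", body[4:12])
    pos, aliases = 12, []
    for _ in range(count):
        tag, alias_len = struct.unpack(">IH", body[pos:pos + 6])
        if tag != 2:  # 1 = private key, 2 = trusted certificate
            raise ValueError("private-key entry in a truststore")
        aliases.append(body[pos + 6:pos + 6 + alias_len].decode("utf-8"))
        pos += 6 + alias_len + 8  # skip alias and 8-byte creation timestamp
        if version == 2:  # v2 stores the certificate type, e.g. "X.509"
            pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 4 + struct.unpack(">I", body[pos:pos + 4])[0]  # skip the certificate
    return aliases


def build_sample(password: str, alias: str, cert: bytes) -> str:
    # Constructed JKS v2 store with one trusted-certificate entry (not a real CA)
    a, t = alias.encode(), b"X.509"
    body = struct.pack(">III", JKS_MAGIC, 2, 1)
    body += struct.pack(">IH", 2, len(a)) + a + struct.pack(">Q", 0)
    body += struct.pack(">H", len(t)) + t + struct.pack(">I", len(cert)) + cert
    return base64.b64encode(body + _digest(password, body)).decode()


if __name__ == "__main__":
    # keytool stores JKS aliases in lower case, so rootCA is listed as rootca
    sample = build_sample("STR0ngPA55", "rootca", b"constructed placeholder bytes")
    print(check_truststore(sample, "STR0ngPA55"))
```

To check a real file, pass the output of the base64 command and the truststore password to check_truststore.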