Keycloak SSO/Kerberos with IIS

[Jernej Vodopivec]

Hi, I would kindly ask for some hint how Kerberos / SSO could be implemented for the following scenario (Microsoft AD environment):

- nginx as a reverse proxy server - frontend

- Keycloak as a Form based (pre)authentication - users are synced from AD

- delegation of user credentials to backend IIS server (OWA, SharePoint) to achieve seamless SSO user authentication

Thank you very much for any valuable information!

Regards,

Jernej

[Evan Schnell]

I'm chasing down a question that's tangential to this.  Can you just use the "Microsoft" identity provider?    How common is "Microsoft" authentication at customers using AD?  Looking ahead when deploying keycloak should we ignore Kerberos and focus on the "Microsoft" identity provider?    In your case can you use the "Microsoft" identity provider at your enterprise?  If not why not?  What differentiates AD customers from Microsoft login customers?