Can Keycloak provide alternative authentication if LDAP is down


Let's say I want to have Keycloak synced with LDAP and use it as the source for authentication. (I've managed to do this already.)

But is there a way to let Keycloak itself be the identity provider if, for some reason, the LDAP connection is down?

2

There are 2 answers

0
Andre Brito On BEST ANSWER

I managed to create a custom LDAP Storage Provider to do this.

Check "How to create a custom UserStorageSPI on Keycloak".

1
Hamza Tahiri On

First, you should avoid LDAP going down by setting up HA, using HAProxy and keepalived for example. As for Keycloak, you can disable "Sync Registrations" in your Keycloak LDAP IDP and create users using the admin interface. These users are stored in Keycloak's local database and not in LDAP, so even if it goes down those users can still get access to Keycloak.

Refer to https://www.janua.fr/understanding-keycloak-user-federation/ for more details.
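The HAProxy side of the HA setup suggested in this answer, as an added example that is not part of the original answer: a TCP pass-through listener in front of two LDAPS servers, with an LDAP-level health check so a hung directory is taken out of rotation. All addresses (192.0.2.x documentation range), server names and the CA file path are constructed assumptions; the listen address is assumed to be the virtual IP that keepalived moves between the two HAProxy nodes.

```haproxy
# haproxy.cfg (added example; addresses, names and paths are assumptions)

defaults
    mode tcp                  # pass LDAPS through untouched: TLS terminates on
                              # the LDAP server, not on the proxy
    timeout connect 5s
    timeout client  30m       # Keycloak pools LDAP connections; short idle
    timeout server  30m       # timeouts here would cut pooled connections

frontend ldaps_in
    # 192.0.2.10 is the keepalived-managed VIP. On the standby node the VIP is
    # absent, so binding to it needs net.ipv4.ip_nonlocal_bind=1.
    bind 192.0.2.10:636
    default_backend ldaps_servers

backend ldaps_servers
    # Health check = LDAPv3 anonymous bind, not just a TCP connect, so a
    # directory that accepts connections but no longer answers is marked down.
    option ldap-check

    # check-ssl wraps the health check in TLS because the servers speak LDAPS.
    # verify required + ca-file make the check reject an unexpected certificate
    # instead of trusting whatever answers on that address.
    server ldap1 192.0.2.11:636 check check-ssl verify required ca-file /etc/haproxy/ldap-ca.pem inter 2s fall 3 rise 2
    # "backup" keeps ldap2 idle until ldap1 fails its checks.
    server ldap2 192.0.2.12:636 check check-ssl verify required ca-file /etc/haproxy/ldap-ca.pem inter 2s fall 3 rise 2 backup
```

The Keycloak LDAP provider's connection URL then points at the VIP's hostname with `ldaps://`, so each LDAP server's certificate must carry that hostname for Keycloak's own TLS verification to pass against either backend.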