My question is because in the Keycloak Kerberos documentation we have 2 ways to configure it: using a Kerberos provider and using Kerberos user storage federation providers.
The second one, "To authenticate with Kerberos backed by an LDAP server", has this specification:
Allow Kerberos authentication makes Keycloak use the Kerberos principal access user information so information can import into the Keycloak environment.
I can’t understand whether, in that way, the user that is authenticating will use the already present user imported from the LDAP configuration.
In the first method, the Kerberos User Storage Federation Provider, this is specified:
The Kerberos provider parses the Kerberos ticket for simple principal information and imports the information into the local Keycloak database.
So in that case I understand that the user is completely imported into the DB.
Any idea? For "To authenticate with Kerberos backed by an LDAP server", is the user actually the one from the LDAP in which the Kerberos integration is made?
Thanks!