Univention Bugzilla – Bug 56473
Keycloak kerberos authentication does not work on clients joined to school servers
Last modified: 2023-08-22 21:46:05 CEST
Because there are different Samba databases on each school server, the keycloak app does not add the SPN for ucs-sso-ng to every samba on each school. We need to add the spn for the kerberos service in the following way in the joinscript of the school replica joinscript 62ucs-school-replica.inst just like we did for simpleSAMLphp samba-tool spn add “HTTP/$keycloak_server_sso_fqdn” “krbkeycloak”