Univention Bugzilla – Bug 56473
Keycloak kerberos authentication does not work on clients joined to school servers
Last modified: 2024-05-28 17:45:15 CEST
Because there are different Samba databases on each school server, the keycloak app does not add the SPN for ucs-sso-ng to every samba on each school. We need to add the spn for the kerberos service in the following way in the joinscript of the school replica joinscript 62ucs-school-replica.inst just like we did for simpleSAMLphp samba-tool spn add “HTTP/$keycloak_server_sso_fqdn” “krbkeycloak”
*** This bug has been marked as a duplicate of bug 57348 ***