I have a working Keycloak 22 instance and I need to add Active Directory as a backend IdP (Windows Server 2022).
Local Keycloak users currently log in via the browser with the following URL:
https://example.com/realms/myrealm/protocol/openid-connect/auth?client_id=myClient&redirect_uri=https%3A%2F%2Fexample.com%2Fredirect&state=a799c2be-2310-4bf7-ab9b-098415f12add&response_mode=fragment&response_type=code%20id_token%20token&scope=openid&nonce=04cc92c5-4f67-444b-84f1-fe62eb169bc4
and it works. However, if I try with one of the AD users, I get “Invalid username or password”. In the Keycloak logs I find:
2024-07-24 12:08:32,211 WARN [org.keycloak.events] (executor-thread-102) type=LOGIN_ERROR, realmId=myRealm, clientId=myClient, userId=null, ipAddress=x.y.z.t, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=https://example.com/redirect, code_id=f7427d22-5d60-48a6-a7eb-ce130ea2704d, username=lcrusca@teomadforest.com
Needless to say, I’ve already double checked the password I enter and that’s the correct one.
When my LDAP federation is active, the realm's user list in Keycloak is empty, but maybe this is how it is supposed to be, I don’t know.
The LDAP federation “edit mode” is configured as UNSYNCED. The rest of the configuration is here in the attached image.
Can you please help me understand what I am doing wrong? By the way, I’m not even skilled with Windows, so maybe my fault is there.
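The following script is an added diagnostic example, not code from the question or from the Keycloak project. It does two things a reviewer of this problem would want: it parses the quoted WARN line into its event fields (so that error=user_not_found and the typed username can be pulled out of a log stream automatically), and it composes the LDAP search filter that a Keycloak-style user lookup would send, with the user-typed value escaped per RFC 4515 so that a login name can never alter the filter. The attribute and object-class defaults (sAMAccountName, mail, person/organizationalPerson/user) are assumptions to be replaced with the values from your own provider settings; the rule that an identifier containing "@" is looked up by the email attribute is the behaviour Keycloak has when the realm's "Login with email" setting is on. The optional live check uses the ldap3 library and a hypothetical server address, and is not needed for the offline parts.

```python
import re

# Constructed sample line with the shape of the WARN entry quoted in the question
# (placeholder IP, same realm/client/username values).
SAMPLE_LOG_LINE = (
    "2024-07-24 12:08:32,211 WARN [org.keycloak.events] (executor-thread-102) "
    "type=LOGIN_ERROR, realmId=myRealm, clientId=myClient, userId=null, "
    "ipAddress=x.y.z.t, error=user_not_found, auth_method=openid-connect, "
    "auth_type=code, redirect_uri=https://example.com/redirect, "
    "code_id=f7427d22-5d60-48a6-a7eb-ce130ea2704d, username=lcrusca@teomadforest.com"
)

# key=value pairs separated by ", "; the lazy value stops at the next ", key=" or end of line.
EVENT_FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_keycloak_event(line: str) -> dict:
    """Return the key=value fields of an org.keycloak.events log line as a dict."""
    return {key: value for key, value in EVENT_FIELD_RE.findall(line)}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    Backslash is handled first so the escape sequences themselves are not re-escaped."""
    replacements = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(replacements.get(ch, ch) for ch in value)


def build_user_lookup_filter(
    login: str,
    username_attr: str = "sAMAccountName",   # assumed; use your "Username LDAP attribute"
    email_attr: str = "mail",                 # assumed; the attribute mapped to Keycloak's email
    object_classes=("person", "organizationalPerson", "user"),  # assumed AD object classes
    login_with_email: bool = True,            # realm setting "Login with email"
    custom_filter: str = "",                  # the provider's "Custom user LDAP filter", if any
) -> str:
    """Compose the search filter for one user the way a Keycloak-style lookup does:
    AND of the configured object classes, the identifier condition and any custom filter."""
    attr = email_attr if (login_with_email and "@" in login) else username_attr
    class_part = "".join(f"(objectClass={oc})" for oc in object_classes)
    condition = f"({attr}={escape_ldap_filter_value(login)})"
    return f"(&{class_part}{condition}{custom_filter})"


def count_matching_entries(server_url: str, bind_dn: str, bind_password: str,
                           users_dn: str, ldap_filter: str, subtree: bool = True) -> int:
    """Run the filter against the directory with the provider's bind account and return the
    number of entries found. Requires `pip install ldap3`; not exercised offline."""
    import ldap3  # imported lazily so the offline helpers work without the library

    scope = ldap3.SUBTREE if subtree else ldap3.LEVEL  # Keycloak "Search scope": Subtree / One Level
    server = ldap3.Server(server_url, use_ssl=True, get_info=ldap3.NONE)
    with ldap3.Connection(server, user=bind_dn, password=bind_password, auto_bind=True) as conn:
        conn.search(users_dn, ldap_filter, search_scope=scope, attributes=["distinguishedName"])
        return len(conn.entries)


if __name__ == "__main__":
    event = parse_keycloak_event(SAMPLE_LOG_LINE)
    print("event:", event["type"], "error:", event["error"], "login:", event["username"])
    print("filter (login with email on): ", build_user_lookup_filter(event["username"]))
    print("filter (login with email off):", build_user_lookup_filter(event["username"], login_with_email=False))
    # Uncomment and fill in your own values to run the live check (hypothetical placeholders):
    # n = count_matching_entries("ldaps://dc01.example.com", "CN=svc-keycloak,OU=svc,DC=example,DC=com",
    #                            "<bind password>", "OU=Users,DC=example,DC=com",
    #                            build_user_lookup_filter(event["username"]))
    # print("entries matched:", n)
```

A count of 0 from the live check reproduces user_not_found before any password is involved, which separates a lookup problem (wrong Users DN, wrong username/email attribute, "Login with email" switching the lookup to mail, or the default One Level search scope missing users in nested OUs) from a bind or password problem; a count above 1 points at a filter that is not selective enough. Printing both filter variants shows that a login typed as an email is searched on a different attribute than a plain account name.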