My client wants to implement a solution whereby:
-
Thin client logon to LDAP or AD once, and upon boot, a specific corporate application is launched and login is based on earlier LDAP/AD credentials.
-
The current corporate application currently supports SSO with Microsoft AD using Kerberos and SAML2 (only for Windows clients)
We are trying to ascertain if, with Keycloak, can we achieve the same SSO for Linux and Windows clients whereby users logon once (only) be it AD or OpenLDAP, and the corporate application can auto-launched and authenticated.