LDAP user federation works a treat, as long as the Keycloak server can connect to the AD server. However, my Keycloak servers will be off-site with an unreliable VPN connection to AD. Now, I’m looking for a credentials caching mechanism to allow user authentication while AD is offline.
Is there a way to cache the last successful login credentials for each federated user, like the way a Windows client will authenticate any user it has previously seen?
I’ve already looked into using OpenLDAP as a proxy, but it seems over-complicated and I couldn’t get it to work anyway.
Can anyone point me in the right direction?