SSSD not an option under "User Federation"

I’m trying to complete a Keycloak integration with FreeIPA using the SSSD federation. I have everything setup on the Keycloak server per the instructions in the keycloak documentation. The SSSD service is running on the Keycloak server, I can create users from my keycloak server.

When I go to “User Federation”, the “Add Provider” drop down only shows Kerberos and LDAP. SSSD is not an option. I’ve ensured all the services are running and survive a reboot, kinit, klist, etc. work. I’m just missing this option in the drop down. Keycloak 11.0.1 freshly installed in a Centos7 LXC container.

Any thoughts on how I go about troubleshooting this?

Thanks in advance!

In case anyone else runs into this, I didn’t have the user that was running the keycloak service enabled in my sssd.conf. Per this documentation bug:
https://issues.redhat.com/browse/KEYCLOAK-13307?jql=project%20%3D%20KEYCLOAK%20AND%20resolution%20%3D%20Unresolved%20AND%20text%20~%20"sssd"%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC

My keycloak service is running as user ‘keycloak’ so this was my fix in sssd.conf:
[ifp]
allowed_uids = root, keycloak

Hope that helps someone in the future!

1 Like