I am trying to implement a zero trust access proxy with FIDO2 authentication, and Keycloak seems to be a promising candidate.
Can someone tell me if my assumptions about the capabilities of Keycloak are correct?
- on-premise services only, no online service can be used for authentication or identity management
- full WebAuthn / FIDO2 support without third-party components
- support for non-web applications, like SSH and SMTP
Optionally, I already have a FreeIPA server that I want to use for identity management (especially for SSH certificates).
Is this at all possible with Keycloak, or did I misunderstand some critical part of the documentation?