FreeIPA includes Kerberos so the SSO extends to Linux logins. Further, Keycloak supports Kerberos so if I’m logged in on an FreeIPA enrolled client Keycloak is transparent with no additional password. Thus, anything I can goes through Keycloak, otherwise manual LDAP to FreeIPA.
FreeIPA also handles most of my homelab’s DNS and honestly was not too hard to setup. I’m running it in a Alma Linux VM on Proxmox so it will be supported for a while.
FreeIPA + Keycloak
FreeIPA includes Kerberos so the SSO extends to Linux logins. Further, Keycloak supports Kerberos so if I’m logged in on an FreeIPA enrolled client Keycloak is transparent with no additional password. Thus, anything I can goes through Keycloak, otherwise manual LDAP to FreeIPA.
FreeIPA also handles most of my homelab’s DNS and honestly was not too hard to setup. I’m running it in a Alma Linux VM on Proxmox so it will be supported for a while.