Setup Idea
- LDAP
- Keycloak (SSO, MFA)
privacyIDEA (MFA) will probably not be necessary, because Keycloak already covers these use cases:
https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/docker-ldap-sso
Sources
General LDAP Setup
Role Specific LDAP Configuration
| Role | Guides |
|---|---|
| GitLab | Integrate LDAP with GitLab (GitLab) |
Brainstorming
2FA and SSO
- Single Sign-On & Two-Factor Authentication with SAML
- MFA for LDAP - Rublon
- https://www.googlecloudcommunity.com/gc/Workspace-Q-A/How-to-enable-MFA-with-LDAP/m-p/505324
- Use multifactor authentication with the LDAP Interface | Okta Classic Engine
- https://www.privacyidea.org/
- GitHub - privacyidea/privacyidea: 🔐 multi factor authentication system (2FA, MFA, OTP, FIDO Server)
- Configure MFA for LDAP - JumpCloud
- Secure third-party LDAP products and systems with MFA - RCDevs Security
- php - Is there any solution available which supports 2FA in OpenLDAP for user authentication? - Stack Overflow
- One identity for everything with Keycloak | heise online