I am wondering if someone has done the user authentication via keycloak aganist vault. I am exploring use case here: I want to validate username and password of users (stored in vault) via keycloak so basically keycloak will prompt users to enter their username and password which is then validated against vault.
i have seen this username and password authentication against LDAP but have seen against vault.
Any view or suggestion please
To authenticate users in Vault using Keycloak, you integrate Keycloak with Vault’s OIDC authentication method. You configure Keycloak to manage user identities and set up a client for Vault. In Vault, you enable OIDC authentication, configure it with Keycloak’s details, and create a role that maps Keycloak’s user information to Vault’s policies. Users log in to Keycloak, which authenticates them and issues an OIDC token. This token is then used to log into Vault, where Vault verifies the token with Keycloak and grants access based on the configured policies. Essentially, Keycloak handles user authentication, and Vault manages access to secrets based on this authentication.
from your response, it looks like you are saying to setup SSO for vault, meaning if someone wants to login to vault then they can authenticate via keycloak.
Do you know if there is documentation available to configure the thing you said above?
My use case is more towards prompting the user via keycloak (autthenication flow) to enter username and password which keycloak validate against vault.
Please correct me If am not understanding you correctly.