2. Limitations of the Keycloak app

The Keycloak app has not the same feature set as the SimpleSAMLphp integration at the time of writing. All of the following points are currently not supported by the Keycloak app, but will be implemented in the next versions.

For more information about limitations of the Keycloak app, refer to Requirements and limitations in Univention Keycloak app documentation [1].

2.1. App authorization

In SimpleSAMLphp it’s possible to restrict the access to certain clients through a checkbox on the user object in the UMC. To restrict the access of users to certain clients isn’t possible with Keycloak at the moment.

2.2. Customization of the login page

With SimpleSAMLphp it’s possible to adjust the login page through various UCR variables. You can use these UCR variables to add links to the sign-in dialog, for example to redirect the user to the User self services in case they forgot their password.

With Keycloak you can adjust the theming of the sign-in dialog, but adding custom links isn’t supported for the moment.