Keycloak is the Identity Provider (IDP) of Univention Nubus. This App provides the installation and integration of Keycloak for UCS.
Keycloak offers SAML and OpenID Connect Identity Provider functionality for secure Single Sign-On, including federation to other protocol compliant identity providers.
The app is configured to use the Keycloak feature "User Federation" for authentication of users against OpenLDAP, where users and groups managed by Univention Directory Manager (UDM) are stored. So all users managed in a Nubus installation are known to Keycloak and can use the provided IDP for Single Sign-On with integrated applications.
For more details go to the documentation of the most recent version of the UCS Keycloak App