KeyCloak Azure Federation: Difference between revisions

From OSNEXUS Online Documentation Site
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
mNo edit summary
m added basic steps (no screen caps)
Line 1: Line 1:
[[Category:integration_guide]]
[[index.php?title=Category:Integration guide]]


== Related Integrations ==
== Related Integrations ==
Line 8: Line 8:
* Login to Keycloak via AzureAD.
* Login to Keycloak via AzureAD.
* Get access tokens from Keycloak using federated user account.
* Get access tokens from Keycloak using federated user account.
== 1. Configure Azure AD as an OpenID Connect (OIDC) Provider ==
# Log into the Azure Portal.
# Navigate to '''Azure Active Directory''' > '''App registrations''' > '''New registration'''.
# Set a name for the app (e.g., <code>KeycloakOIDCApp</code>).
# Set the redirect URI (e.g., <code>https://<keycloak-host>/realms/<realm-name>/broker/azuread/endpoint</code>).
# After creation, go to '''Certificates & Secrets''' and generate a new client secret.
# Note the following values:
#* '''Client ID'''
#* '''Client Secret'''
#* '''Tenant ID'''
# OIDC discovery URL format:
https://login.microsoftonline.com/&#x3C;tenant-id&#x3E;/v2.0/.well-known/openid-configuration
== 2. Set Up Azure AD as an Identity Provider in Keycloak ==
# Log into the Keycloak Admin Console.
# Navigate to your realm > '''Identity Providers''' > '''Add provider''' > '''OIDC'''.
# Fill in the following:
#* '''Alias''': <code>azuread</code>
#* '''Display Name''': <code>Azure AD</code>
#* '''Client ID''': from Azure
#* '''Client Secret''': from Azure
#* '''Discovery URL''': from Azure
#* '''Redirect URI''': should match Azure’s app registration
# Save the configuration.
== 3. Authenticate into Keycloak Using Azure Credentials ==
# Navigate to the Keycloak Account Portal:
# Select '''Azure AD''' from the login options.
# You will be redirected to the Azure login screen.
# After authentication, a federated Keycloak user is created or linked.

Revision as of 20:15, 14 April 2025

index.php?title=Category:Integration guide

Related Integrations

Access Tokens via Keycloak

Solution Summary

  • Set up AzureAD as the IDC for Keycloak.
  • Login to Keycloak via AzureAD.
  • Get access tokens from Keycloak using federated user account.

1. Configure Azure AD as an OpenID Connect (OIDC) Provider

  1. Log into the Azure Portal.
  2. Navigate to Azure Active Directory > App registrations > New registration.
  3. Set a name for the app (e.g., KeycloakOIDCApp).
  4. Set the redirect URI (e.g., https://<keycloak-host>/realms/<realm-name>/broker/azuread/endpoint).
  5. After creation, go to Certificates & Secrets and generate a new client secret.
  6. Note the following values:
    • Client ID
    • Client Secret
    • Tenant ID
  7. OIDC discovery URL format:

https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration

2. Set Up Azure AD as an Identity Provider in Keycloak

  1. Log into the Keycloak Admin Console.
  2. Navigate to your realm > Identity Providers > Add provider > OIDC.
  3. Fill in the following:
    • Alias: azuread
    • Display Name: Azure AD
    • Client ID: from Azure
    • Client Secret: from Azure
    • Discovery URL: from Azure
    • Redirect URI: should match Azure’s app registration
  4. Save the configuration.

3. Authenticate into Keycloak Using Azure Credentials

  1. Navigate to the Keycloak Account Portal:
  2. Select Azure AD from the login options.
  3. You will be redirected to the Azure login screen.
  4. After authentication, a federated Keycloak user is created or linked.
Retrieved from "https://wiki.osnexus.com/index.php?title=KeyCloak_Azure_Federation&oldid=26318"