KeyCloak Azure Federation

From OSNEXUS Online Documentation Site

Revision as of 20:38, 14 April 2025


Related Integrations

Access Tokens via Keycloak

Solution Summary

  • Set up Azure AD as the identity provider (IdP) for Keycloak.
  • Log in to Keycloak via Azure AD.
  • Get access tokens from Keycloak using the federated user account.

1. Configure Azure AD as an OpenID Connect (OIDC) Provider

  1. Log into the Azure Portal.
  2. Navigate to Azure Active Directory > App registrations > New registration.
  3. Set a name for the app (e.g., KeycloakOIDCApp).
  4. Set the redirect URI, platform Web (e.g., https://<keycloak-host>/realms/<realm-name>/broker/azuread/endpoint). Azure matches this value exactly, so it must be the URI Keycloak generates for the identity-provider alias chosen in step 2; the alias is the path segment after /broker/.
  5. After creation, go to Certificates & Secrets and generate a new client secret. Copy the secret value as soon as it is created, because it is not shown again, and note its expiry date: Azure rejects the secret after that date, so treat it as a credential and rotate it in both Azure and Keycloak before it expires.
  6. Note the following values from the app's Overview page:
    • Client ID (Application (client) ID)
    • Client Secret (the value from step 5)
    • Tenant ID (Directory (tenant) ID)
  7. OIDC discovery URL format. Use the tenant ID here, not the multi-tenant aliases common, organizations or consumers: the tenant-specific document pins the issuer to your directory, so Keycloak will reject ID tokens issued for any other tenant.

https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration

2. Set Up Azure AD as an Identity Provider in Keycloak

  1. Log into the Keycloak Admin Console.
  2. Navigate to your realm > Identity Providers > Add provider > OpenID Connect v1.0.
  3. Fill in the following:
    • Alias: azuread (this determines the redirect URI; changing the alias later changes the URI and breaks the Azure registration)
    • Display Name: Azure AD (the label shown on the login page)
    • Discovery endpoint: the URL from Azure; Keycloak fetches it and fills in the authorization, token, JWKS and issuer values
    • Client ID: from Azure
    • Client Secret: from Azure
    • Redirect URI: generated read-only by Keycloak from the alias; it must match Azure's app registration character for character
  4. Save the configuration. Leave signature validation on and keep the issuer as imported from discovery. Trust Email controls whether Keycloak marks the federated user's e-mail address as verified on the strength of Azure's claim; leave it off unless you intend to skip Keycloak's own e-mail verification.
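Steps 1 and 2 assembled in code, as an added example written for this guide (it is not OSNEXUS or Keycloak code): it derives the redirect URI from the alias, refuses a multi-tenant discovery document, and produces the identity-provider representation that Keycloak's admin API accepts. The tenant ID, host name, realm name and the two discovery documents are constructed sample values; the Keycloak field names are as commonly documented for the identity-provider representation and should be checked against your Keycloak version.

```python
"""Assemble and sanity-check the Keycloak OIDC identity-provider definition
for an Azure AD app registration.  Added example for this guide, not OSNEXUS
or Keycloak code; tenant ID, client ID, host and realm are made-up values."""
import json
import re
from urllib.parse import urlparse

AZURE_LOGIN = "https://login.microsoftonline.com"
# Azure tenant IDs are GUIDs.  "common", "organizations" and "consumers" are the
# multi-tenant aliases; their discovery document carries a templated issuer.
_GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)

SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"

# Constructed, abbreviated copy of what the tenant-specific v2.0 discovery URL returns.
SAMPLE_DISCOVERY = {
    "issuer": f"{AZURE_LOGIN}/{SAMPLE_TENANT}/v2.0",
    "authorization_endpoint": f"{AZURE_LOGIN}/{SAMPLE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"{AZURE_LOGIN}/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"{AZURE_LOGIN}/{SAMPLE_TENANT}/discovery/v2.0/keys",
    "end_session_endpoint": f"{AZURE_LOGIN}/{SAMPLE_TENANT}/oauth2/v2.0/logout",
}
# Constructed copy of the "common" document: the issuer is a placeholder, so an
# issuer check built from it can never match a real ID token.
COMMON_DISCOVERY = dict(SAMPLE_DISCOVERY, issuer=f"{AZURE_LOGIN}/{{tenantid}}/v2.0")


def keycloak_redirect_uri(keycloak_host: str, realm: str, alias: str) -> str:
    """The callback Keycloak generates for a broker alias (step 1.4 / step 2.3)."""
    return f"https://{keycloak_host}/realms/{realm}/broker/{alias}/endpoint"


def azure_discovery_url(tenant_id: str) -> str:
    """Tenant-specific discovery URL (step 1.7); refuses the multi-tenant aliases."""
    if not _GUID.match(tenant_id):
        raise ValueError(f"tenant ID must be a GUID, got {tenant_id!r}")
    return f"{AZURE_LOGIN}/{tenant_id}/v2.0/.well-known/openid-configuration"


def discovery_pinned_to_tenant(doc: dict, tenant_id: str) -> bool:
    """True only if the issuer names this tenant and endpoints are absolute https URLs."""
    if doc.get("issuer") != f"{AZURE_LOGIN}/{tenant_id}/v2.0":
        return False
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlparse(doc.get(key, ""))
        if url.scheme != "https" or not url.netloc:
            return False
    return True


def build_idp_representation(doc: dict, tenant_id: str, alias: str,
                             display_name: str, client_id: str,
                             client_secret: str) -> dict:
    """Identity-provider representation for Keycloak's admin API; values under
    "config" are strings, as Keycloak stores them."""
    if not discovery_pinned_to_tenant(doc, tenant_id):
        raise ValueError("discovery document is not pinned to tenant "
                         f"{tenant_id}: use the tenant-specific discovery URL")
    config = {
        "clientId": client_id,
        "clientSecret": client_secret,
        "clientAuthMethod": "client_secret_post",
        "authorizationUrl": doc["authorization_endpoint"],
        "tokenUrl": doc["token_endpoint"],
        "jwksUrl": doc["jwks_uri"],
        "useJwksUrl": "true",         # fetch Azure's signing keys from jwks_uri
        "validateSignature": "true",  # reject ID tokens whose signature fails
        "issuer": doc["issuer"],      # reject ID tokens from any other tenant
        "defaultScope": "openid profile email",
        "syncMode": "IMPORT",
    }
    if "end_session_endpoint" in doc:
        config["logoutUrl"] = doc["end_session_endpoint"]
    return {
        "alias": alias,
        "displayName": display_name,
        "providerId": "oidc",
        "enabled": True,
        "trustEmail": False,   # do not treat Azure's e-mail claim as verified by default
        "storeToken": False,   # do not persist Azure tokens in Keycloak's database
        "firstBrokerLoginFlowAlias": "first broker login",
        "config": config,
    }


def redirect_uri_matches(azure_registered: str, keycloak_host: str,
                         realm: str, alias: str) -> bool:
    """Azure compares redirect URIs exactly, so the check is plain equality."""
    return azure_registered == keycloak_redirect_uri(keycloak_host, realm, alias)


if __name__ == "__main__":
    idp = build_idp_representation(SAMPLE_DISCOVERY, SAMPLE_TENANT, "azuread",
                                   "Azure AD", "<client-id>", "<client-secret>")
    print(json.dumps(idp, indent=2))
    print("redirect URI:", keycloak_redirect_uri("keycloak.example.com", "osnexus", "azuread"))
```

The returned dictionary is the shape accepted at POST /admin/realms/<realm>/identity-provider/instances, or by kcadm.sh create identity-provider/instances -r <realm> -f idp.json, which is how you would script step 2 instead of typing it into the console. The tenant pin is the point of the example: a discovery document fetched from the common endpoint has a template string where the issuer should be, so an identity provider built from it either fails issuer validation on every login or, if validation is switched off to make it work, accepts ID tokens minted for any Azure tenant.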

3. Authenticate into Keycloak Using Azure Credentials

  • Navigate to the Keycloak Account Console:
https://<keycloak-host>/realms/<realm-name>/account
  • Select Azure AD from the login options (the Display Name set in step 2).
  • You will be redirected to the Azure login screen for your tenant.
  • After authentication, Keycloak runs its first broker login flow: a new federated user is created, or, if a realm user with the same e-mail address already exists, you are asked to confirm linking to that account. Later logins go straight through, and the link is visible in the Admin Console under Users > (user) > Identity provider links.