KeyCloak Azure Federation: Difference between revisions

index.php?title=Category:Integration guide

Related Integrations

Access Tokens via Keycloak

Solution Summary

• Set up AzureAD as the IDC for Keycloak.
• Login to Keycloak via AzureAD.
• Get access tokens from Keycloak using federated user account.

1. Configure Azure AD as an OpenID Connect (OIDC) Provider

• Log into the Azure Portal.
• Navigate to Azure Active Directory > App registrations > New registration.
• Set a name for the app (e.g., KeycloakOIDCApp).
• Set the redirect URI (e.g., https://<keycloak-host>/realms/<realm-name>/broker/azuread/endpoint).
• After creation, go to Certificates & Secrets and generate a new client secret.
• Note the following values:
  • Client ID
  • Client Secret
  • Tenant ID
• OIDC discovery URL format:

https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration

2. Set Up Azure AD as an Identity Provider in Keycloak

1. Log into the Keycloak Admin Console.
2. Navigate to your realm > Identity Providers > Add provider > OIDC.
3. Fill in the following:
   • Alias: azuread
   • Display Name: Azure AD
   • Client ID: from Azure
   • Client Secret: from Azure
   • Discovery URL: from Azure
   • Redirect URI: should match Azure’s app registration
4. Save the configuration.

3. Authenticate into Keycloak Using Azure Credentials

• Navigate to the Keycloak Account Portal:

https://<keycloak-host>/realms/<realm-name>/account

• Select Azure AD from the login options.
• You will be redirected to the Azure login screen.
• After authentication, a federated Keycloak user is created or linked.