KeyCloak Azure Federation

From OSNEXUS Online Documentation Site

Revision as of 20:39, 14 April 2025 by Qadmin (talk | contribs) (→‎1. Configure Azure AD as an OpenID Connect (OIDC) Provider)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

index.php?title=Category:Integration guide

Related Integrations

Access Tokens via Keycloak

Solution Summary

Set up AzureAD as the IDC for Keycloak.
Login to Keycloak via AzureAD.
Get access tokens from Keycloak using federated user account.

1. Configure Azure AD as an OpenID Connect (OIDC) Provider

Log into the Azure Portal.
Navigate to Azure Active Directory > App registrations > New registration.
Set a name for the app (e.g., KeycloakOIDCApp).
Set the redirect URI (e.g., https://<keycloak-host>/realms/<realm-name>/broker/azuread/endpoint).
After creation, go to Certificates & Secrets and generate a new client secret.
Note the following values:
- Client ID
- Client Secret
- Tenant ID
OIDC discovery URL format:

https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration

2. Set Up Azure AD as an Identity Provider in Keycloak

Log into the Keycloak Admin Console.
Navigate to your realm > Identity Providers > Add provider > OIDC.
Fill in the following:
- Alias: azuread
- Display Name: Azure AD
- Client ID: from Azure
- Client Secret: from Azure
- Discovery URL: from Azure
- Redirect URI: should match Azure’s app registration
Save the configuration.

3. Authenticate into Keycloak Using Azure Credentials

Navigate to the Keycloak Account Portal:

https://<keycloak-host>/realms/<realm-name>/account

Select Azure AD from the login options.
You will be redirected to the Azure login screen.
After authentication, a federated Keycloak user is created or linked.

Retrieved from "https://wiki.osnexus.com/index.php?title=KeyCloak_Azure_Federation&oldid=26324"