keycloak integration with Azure AD for webapp authentication


I believe there might be 2 things you are missing:

  1. The App ID URI field in the Azure AD app registration properties must be replaced with the Redirect URI of the Keycloak identity provider, but without the "/broker/...../endpoint" part at the end.

For example, if your identity provider was named myprovider for realm named myrealm, your Redirect URI probably looks like this https://mykeycloakserver/auth/realms/myrealm/broker/myprovider/endpoint, so the value you need to use in Azure AD for the App ID URI would look like: https://mykeycloakserver/auth/realms/myrealm

  2. Make sure the full Keycloak redirect URL is listed as one of the "Reply URLs" in the Azure AD app registration.

PS - the APP ID URI property of the app is not (currently, as of 2019/04) available in the App Registrations (preview) panel - you need to go to App Registrations > {app name} > Settings > Properties

Hope that helps

Ishan Rastogi

Updated on August 21, 2022
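The answer's two checks can be verified mechanically: the `<saml:Issuer>` in the AuthnRequest Keycloak sends must equal the App ID URI registered in Azure AD (the realm URL with the `/broker/<provider>/endpoint` suffix dropped), and the `AssertionConsumerServiceURL` must be one of the registered Reply URLs. The following is an added example, not code from the question or answer: the AuthnRequest, the hostnames and the registration values are constructed, and the comparison is an exact string match (an assumption about how Azure AD matches identifiers).

```python
"""Check a Keycloak SAML AuthnRequest against an Azure AD app registration.

Two conditions from the answer are verified:
  * <saml:Issuer> == App ID URI (realm URL, no /broker/<provider>/endpoint suffix)
  * AssertionConsumerServiceURL is one of the registered Reply URLs
The sample request and registration values below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed AuthnRequest shaped like the one a Keycloak SAML broker issues.
# The Destination tenant id is a placeholder, not a real value.
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ID_0000" Version="2.0" IssueInstant="2019-04-01T00:00:00Z"
    Destination="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"
    AssertionConsumerServiceURL="https://mykeycloakserver/auth/realms/myrealm/broker/myprovider/endpoint">
  <saml:Issuer>https://mykeycloakserver/auth/realms/myrealm</saml:Issuer>
</samlp:AuthnRequest>"""


def parse_authn_request(xml_text):
    """Return (issuer, acs_url) from a SAML 2.0 AuthnRequest document."""
    root = ET.fromstring(xml_text)
    issuer_el = root.find("saml:Issuer", NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    acs_url = root.get("AssertionConsumerServiceURL")
    return issuer, acs_url


def app_id_uri_from_redirect(redirect_uri):
    """Derive the App ID URI Azure AD expects from the Keycloak broker Redirect URI
    by dropping everything from '/broker/' onward (the rule the answer gives)."""
    marker = "/broker/"
    idx = redirect_uri.find(marker)
    if idx == -1:
        raise ValueError("not a Keycloak broker endpoint URL: %s" % redirect_uri)
    return redirect_uri[:idx]


def check_against_registration(xml_text, app_id_uri, reply_urls):
    """Return a list of mismatches that would explain an AADSTS700016-style
    rejection, or an empty list when the request is consistent with the registration.
    Comparison is an exact string match (assumed; normalise trailing slashes yourself
    if your registration differs only there)."""
    issuer, acs_url = parse_authn_request(xml_text)
    problems = []
    if issuer != app_id_uri:
        problems.append("issuer %r does not match App ID URI %r" % (issuer, app_id_uri))
    if acs_url not in reply_urls:
        problems.append("ACS URL %r is not a registered Reply URL" % acs_url)
    return problems


if __name__ == "__main__":
    redirect = "https://mykeycloakserver/auth/realms/myrealm/broker/myprovider/endpoint"
    app_id_uri = app_id_uri_from_redirect(redirect)
    print("App ID URI to register:", app_id_uri)
    # Correct registration: App ID URI is the realm URL, Reply URL is the full endpoint.
    print("correct registration:", check_against_registration(SAMPLE_AUTHN_REQUEST, app_id_uri, [redirect]))
    # Common mistake from the question: App ID URI set to the full broker endpoint.
    print("App ID URI = full endpoint:", check_against_registration(SAMPLE_AUTHN_REQUEST, redirect, [redirect]))
```

Run it against a real AuthnRequest by base64/inflate-decoding the `SAMLRequest` parameter Keycloak redirects with and passing the XML to `check_against_registration` together with the values from the Azure AD portal; a non-empty result points at which of the two settings the answer describes is still wrong.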

Comments

  • Ishan Rastogi
    Ishan Rastogi over 1 year

    I am trying to use Keycloak for SAML brokering between my web application and IDP Azure AD.

    I have created a few users in Azure AD and added my webapp as an Application there. I have configured Keycloak with a SAML IDP and imported the Azure AD federation data into Keycloak.

    But somewhere something is wrong, as I did not find any link on the web which gives a step-by-step process to integrate Keycloak with Azure AD.

    I am getting the Microsoft login page and, on entering the password, authentication passes, but then I get the following error before it redirects back to Keycloak:

    Sorry, but we’re having trouble signing you in.

    AADSTS700016: Application with identifier 'http://localhost:8280/auth/realms/localRealm' was not found in the directory '<>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

    I used the below 2 links to do the configuration:

    https://ultimatesecurity.pro/post/okta-saml/ This link describes how to configure Keycloak with Okta for SAML

    https://docs.pivotal.io/p-identity/1-5/azure/config-azure.html This link describes how to configure Azure AD as SAML IDP

    Edit: It looks like Keycloak is sending the wrong application identifier in SAML (maybe), as this localhost:8280... is the Keycloak Realm URL and not the Azure Application Identifier, which is some string key in Azure -> Applications.