Keycloak + SAML + Azure AD configuration

  • Question

  • Hi Team,

    There are many documents available related to SSO with Azure, yet it is very hard to find a document related to Keycloak + SAML + Azure AD configuration.

    Keycloak is one of the ESS open source tools which is used globally; we wanted to enable SSO with Azure.


    Btw, need to know some information about role-based access control with SAML.

    For the users in Keycloak, we can assign roles which have different application permissions. But as SAML users are not in Keycloak, I'm not sure how to map permissions for these users. Maybe with Active Directory groups?

    Thursday, June 27, 2019 6:10 PM

All replies

  • I am checking internally with the product team and will get back to you on the same.
    Monday, July 1, 2019 8:56 PM
  • I don't think we have an app gallery integration available for Keycloak. Keycloak is also like an IDP which offers similar features. You can easily set up the SAML integration of Keycloak with Azure AD using the Non-Gallery application template. We don't host other IDPs in the Azure AD app gallery; it is meant for SaaS apps and not for IDPs.

    About the roles, if you are setting Azure AD as the IDP and Keycloak as the SP, then you can set up the AppRoles in Azure AD for this application and pass this role claim in the token. That way Keycloak can parse these role values and provide the right authorization.

    If you have a different scenario than this, then can you please elaborate more here?

    Thanks,

    Jeevan Desarda


    Azure AD Program Manager - App Integration

    Tuesday, July 16, 2019 7:35 PM
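
The role-claim flow described in the reply above, as an added example that is not part of the original thread and not Keycloak's own code: it reads the app-role attribute from a SAML assertion and maps the values to local roles through an allowlist, so unmapped values grant nothing. The role names in `ROLE_MAP` and the sample assertion are constructed, and the assertion's signature, issuer, audience and validity window are assumed to have been verified already by the SP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute name Azure AD uses for the app-role claim in SAML tokens.
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# Hypothetical allowlist: Azure AD app role value -> local role in the SP.
ROLE_MAP = {"App.Admin": "realm-admin", "App.Reader": "viewer"}

# Constructed sample: only the AttributeStatement of an assertion that is
# assumed to have passed signature and condition checks before this point.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
      <saml:AttributeValue>App.Reader</saml:AttributeValue>
      <saml:AttributeValue>App.Unknown</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def extract_role_claims(assertion_xml):
    """Return the values of the Azure AD role attribute, in document order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != ROLE_CLAIM:
            continue  # only the role claim feeds authorization decisions
        for val in attr.iterfind("saml:AttributeValue", NS):
            text = (val.text or "").strip()
            if text:
                values.append(text)
    return values

def map_roles(claims, role_map=ROLE_MAP):
    """Map claim values to local roles; values not in the allowlist grant nothing."""
    granted = sorted({role_map[c] for c in claims if c in role_map})
    ignored = sorted({c for c in claims if c not in role_map})
    return granted, ignored

if __name__ == "__main__":
    granted, ignored = map_roles(extract_role_claims(SAMPLE_ASSERTION))
    print("granted:", granted, "ignored:", ignored)
```

Logging the ignored values is a useful check that the app roles defined in Azure AD and the mapping on the SP side have not drifted apart.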