Keycloak works for Office365 but fails for SharePoint Online

So you definitely do NOT want to add it to External Identities; that is what was breaking mine.

I used some of the info from here: Azure AD Connect: Use a SAML 2.0 Identity Provider for Single Sign On - Azure - Microsoft Entra | Microsoft Learn

Basically you open PowerShell and use: Connect-MsolService
Then set up the federation.

This is what mine looked like:

# Requires the MSOnline module; run Connect-MsolService first.
$dom = "[DOMAINNAME]"                      # the verified Microsoft 365 domain to federate
$BrandName = "[BrandName]"                 # display name shown for the federation
$LogOnUrl = "https://[KeycloakURL]/realms/[REALM]/protocol/saml"   # Keycloak SAML SSO endpoint (passive/browser)
$LogOffUrl = "https://[KeycloakURL]/realms/[REALM]/protocol/saml"  # Keycloak SAML single logout endpoint
$ecpUrl = "https://[KeycloakURL]/realms/[REALM]/protocol/saml"     # active (ECP) endpoint used by rich clients
$MyURI = "urn:federation:MicrosoftOnline"  # issuer URI registered for the federation
$MySigningCert = "[KeycloakSigningCert]"   # base64 body of the realm signing certificate, no PEM header/footer
$Protocol = "SAMLP"                        # use SAML 2.0 rather than WS-Federation
Set-MsolDomainAuthentication `
  -DomainName $dom `
  -FederationBrandName $BrandName `
  -Authentication Federated `
  -PassiveLogOnUri $LogOnUrl `
  -ActiveLogOnUri $ecpUrl `
  -SigningCertificate $MySigningCert `
  -IssuerUri $MyURI `
  -LogOffUri $LogOffUrl `
  -PreferredAuthenticationProtocol $Protocol

I’m going to try to write up the whole process, but if this doesn’t get you working, let me know.
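As an added check that is not part of the original post: after running Set-MsolDomainAuthentication, this script reads back what the tenant actually stored for the domain and compares it with the endpoints and signing certificate Keycloak publishes in its realm SAML descriptor, so a pasted-wrong certificate or URL shows up before users hit a failed sign-in. It assumes the MSOnline module is loaded and Connect-MsolService has been run, that $KeycloakUrl is the host (and optional port) without a scheme, and it uses Keycloak's standard /protocol/saml/descriptor metadata endpoint.

```powershell
# Added verification script, not from the original post. Compares the federation
# settings Entra ID holds for a domain with what the Keycloak realm advertises.
param(
    [Parameter(Mandatory)] [string] $DomainName,   # same value as $dom above
    [Parameter(Mandatory)] [string] $KeycloakUrl,  # host[:port] only, no https://
    [Parameter(Mandatory)] [string] $Realm
)

$base = "https://$KeycloakUrl/realms/$Realm/protocol/saml"

# 1. What the tenant currently has for this domain.
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName

# 2. What Keycloak publishes. The descriptor endpoint is the realm's IdP metadata;
#    the signing cert is the X509Certificate under the KeyDescriptor use="signing".
$meta = [xml](Invoke-WebRequest -Uri "$base/descriptor" -UseBasicParsing).Content
$kcCert = ($meta.SelectNodes("//*[local-name()='KeyDescriptor'][@use='signing']//*[local-name()='X509Certificate']") |
           Select-Object -First 1).InnerText

# Certificates are compared with all whitespace removed, because the base64 body
# is often pasted with line breaks and the tenant stores it without them.
function Normalize-Cert([string] $c) { return ($c -replace '\s', '') }

$checks = @(
    @{ Name = 'PassiveLogOnUri';   Expected = $base; Actual = $fed.PassiveLogOnUri }
    @{ Name = 'ActiveLogOnUri';    Expected = $base; Actual = $fed.ActiveLogOnUri }
    @{ Name = 'LogOffUri';         Expected = $base; Actual = $fed.LogOffUri }
    @{ Name = 'PreferredAuthenticationProtocol'; Expected = 'Samlp'; Actual = [string]$fed.PreferredAuthenticationProtocol }
    @{ Name = 'SigningCertificate'; Expected = (Normalize-Cert $kcCert); Actual = (Normalize-Cert $fed.SigningCertificate) }
)

$failed = 0
foreach ($c in $checks) {
    $ok = ($c.Expected -eq $c.Actual)
    if (-not $ok) { $failed++ }
    "{0,-32} {1}" -f $c.Name, $(if ($ok) { 'OK' } else { "MISMATCH (tenant has: $($c.Actual))" })
}
if ($failed -gt 0) {
    Write-Warning "$failed federation setting(s) differ from what Keycloak advertises; sign-in for $DomainName may fail."
}
```

Re-run it whenever the Keycloak realm signing key is rotated, since the tenant keeps the old certificate until Set-MsolDomainAuthentication is run again with the new one.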