I am working on a specific authentication infrastructure based on ADFS 2016 and Keycloak as Identity Provider.
The client app must authenticate through the OpenID Connect protocol.
Here is what I set up:
**On Keycloak side**
Configure/Clients: Client ID = http://dse1gcdsysadfs1.GCDSYS.LOCAL/adfs/services/trust
**On ADFS side**
- a Claims Provider Trust referring to the Claims Provider Identifier "https://dse1gcdsysapp10.gcdsys.local:8443/auth/realms/master", which is the Keycloak IdP
- a Relying Party Trust referring to "https://localhost:44335", which is my client app
**On app client side**
Web.config: ADFS address: https://dse1gcdsysadfs1.gcdsys.local/FederationMetadata/2007-06/FederationMetadata.xml
Result: when authenticating from my client app, I am redirected to the Keycloak logon window, I enter valid credentials, and then I am redirected to my client app page, but I don't get the attributes of my Keycloak-authenticated user (ID, name, e-mail, etc.).
I then have 2 questions:
- How to set up claims on ADFS and Keycloak in order to get my user attributes?
- The setup made on ADFS and Keycloak refers to SAML, so I guess I am using the SAML protocol when my client app authenticates; is it possible to use OIDC instead of SAML?
Any help would be appreciated.
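As an added example (not part of the original post), here is the PowerShell an ADFS administrator would run on the ADFS server to inspect and set the two rule sets that decide which attributes reach the app: the acceptance transform rules on the Keycloak claims provider trust and the issuance transform rules on the relying party trust. The two trust identifiers are the ones given in the post; the incoming SAML attribute names ("email", "firstName", "lastName") and the ADFS claim types they are mapped to are assumptions and must match the protocol mappers configured on the Keycloak SAML client.

```powershell
# Added example, not code from the original post. Assumes ADFS 2016 with the two
# trusts from the question, addressed by the identifiers given there. The SAML
# attribute names coming from Keycloak ("email", "firstName", "lastName") are
# assumptions: they must match the protocol mappers on the Keycloak SAML client.
$kcIdentifier  = "https://dse1gcdsysapp10.gcdsys.local:8443/auth/realms/master"
$appIdentifier = "https://localhost:44335"

# 1. Check the existing rules. With empty rule sets ADFS accepts nothing from
#    the claims provider and issues nothing to the relying party, which matches
#    the symptom of a successful logon with no user attributes.
Get-AdfsClaimsProviderTrust -Identifier $kcIdentifier |
    Format-List Name, Identifier, AcceptanceTransformRules
Get-AdfsRelyingPartyTrust -Identifier $appIdentifier |
    Format-List Name, Identifier, IssuanceTransformRules

# 2. Acceptance transform rules on the Keycloak claims provider trust: map each
#    incoming SAML attribute to a standard ADFS claim type and keep the NameID.
$acceptanceRules = @'
@RuleTemplate = "MapClaims"
@RuleName = "Keycloak email -> emailaddress"
c:[Type == "email"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

@RuleTemplate = "MapClaims"
@RuleName = "Keycloak firstName -> givenname"
c:[Type == "firstName"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

@RuleTemplate = "MapClaims"
@RuleName = "Keycloak lastName -> surname"
c:[Type == "lastName"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetIdentifier $kcIdentifier -AcceptanceTransformRules $acceptanceRules

# 3. Issuance transform rules on the relying party trust: forward the mapped
#    claims to the application. Only claims matched here reach the app, so the
#    list is deliberately explicit rather than a blanket pass-through.
$issuanceRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through user attributes to the app"
c:[Type =~ "^http://schemas\.xmlsoap\.org/ws/2005/05/identity/claims/(emailaddress|givenname|surname|nameidentifier)$"]
 => issue(claim = c);
'@
Set-AdfsRelyingPartyTrust -TargetIdentifier $appIdentifier -IssuanceTransformRules $issuanceRules
```

Run this in an elevated PowerShell on the ADFS server. Both `Set-Adfs...` calls replace the whole rule set of the trust, so merge any rules already shown by step 1 into the here-strings before applying, and test with a fresh browser session so a cached token does not mask the change.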