I’ve set up Keycloak as an identity broker with Azure AD.
Everything works fine: when I trigger the login to Keycloak from my webapp, I get redirected to Azure AD, do the authentication, and my sample app displays my ID_token and access_token.
Of course, I’m also automatically added as a user in Keycloak.
But that’s the thing - I would like to automate that step (pre-populate Keycloak from Azure AD) - but Keycloak uses a specific Identity provider ID and Identity provider username value to do the match, and I cannot figure out where it gets that value from. I can’t find it in Azure AD - I checked all attributes of the user. I don’t see it in my JWT from Azure AD. I don’t see it in the userinfo endpoint on the Azure AD OpenID endpoint.
It looks like this:
Identity provider ID: bPnSL00SVbZoFB97zHSwi9ksiT4bAzGxL2LKk2oaJcM
Identity provider username: bpnsl00svbzofb97zhswi9ksit4bazgxl2lkk2oajcm
If I pre-populate the users table with an entry with these values and link it to the IdP with these values, the login works and it picks up this ID automatically.
But how do I get the Identity provider ID?
Any suggestions? (using Keycloak 11.0.2)
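An added example, not from the post above and not Keycloak's own code: a Python sketch of how the OIDC broker derives the federated identity link from the ID token it receives, and the Admin REST API calls that pre-populate such a link. It assumes the broker's default mapping (userId from the `sub` claim; username from `preferred_username`, else `email`, else `sub`, lower-cased as the values in the post show), that the token inspected is one issued to Keycloak's own Azure AD app registration (Azure AD's `sub` is pairwise per application, so a token issued to a different app carries a different value), and placeholder names for the tenant, client id, realm and base URL.

```python
import base64
import json

# Constructed sample claims shaped like the payload of an Azure AD ID token issued to
# Keycloak's own app registration. 'sub' is the value from the post; the rest is made
# up. With no preferred_username or email claim, the broker falls back to 'sub'.
SAMPLE_ID_TOKEN_CLAIMS = {
    "iss": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0",
    "aud": "KEYCLOAK-APP-REGISTRATION-CLIENT-ID-PLACEHOLDER",
    "sub": "bPnSL00SVbZoFB97zHSwi9ksiT4bAzGxL2LKk2oaJcM",
    "name": "Alice Example",
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed compact JWT (header.payload.signature) with a dummy signature.
SAMPLE_ID_TOKEN = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(json.dumps(SAMPLE_ID_TOKEN_CLAIMS).encode()),
    "dummy-signature",
])

def id_token_claims(compact_jwt: str) -> dict:
    # Inspection only: no signature check. Keycloak verifies the signature against
    # the provider's JWKS before it trusts any claim from the token.
    payload = compact_jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def federated_identity_from_id_token(claims: dict, idp_alias: str) -> dict:
    # Default OIDC broker mapping: userId <- 'sub' ("Identity provider ID" in the
    # admin console); userName <- preferred_username, else email, else sub, lower-cased.
    user_id = claims["sub"]
    user_name = claims.get("preferred_username") or claims.get("email") or user_id
    return {"identityProvider": idp_alias, "userId": user_id, "userName": user_name.lower()}

def admin_api_requests(base_url: str, realm: str, local_user: dict, link: dict) -> list:
    # (method, url, body) sequence for the Admin REST API: create the local user, then
    # attach the federated identity link. The user UUID comes from the Location header
    # of the first response; a placeholder stands in for it. Admin auth is the caller's job.
    users_url = f"{base_url}/admin/realms/{realm}/users"
    link_url = f"{users_url}/USER-UUID-FROM-LOCATION-HEADER/federated-identity/{link['identityProvider']}"
    return [("POST", users_url, local_user), ("POST", link_url, link)]
```

Running the derivation over a token captured from Keycloak's own broker flow (for example via the broker's debug logging) shows the same values the admin console displays for the linked user.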