I’m working on keycloak with Microsoft ADFS (2012 server) integration.
My understanding is below.
In this case, Keycloak is the Service Provider for the user (exposed to us as OIDC).
Keycloak communicates with ADFS via SAML and routes back to the requested resource after the ADFS login.
My Identity Provider - ADFS
https://ip:port/keycloak-auth/realms/samladfs/account
This is working fine. At first it redirects to the ADFS page; after validation in ADFS, it redirects back to the /account resource, and some info about the user is also stored in Keycloak.
My problem:
I don’t know how to get an access token in this scenario, or which admin CLI I need to call. Please help me.
I tried the scenario below:
Request:
HTTP Method: POST
URI: https://ip:port/keycloak-auth/realms/samladfs/protocol/openid-connect/token
grant_type:urn:ietf:params:oauth:grant-type:token-exchange
subject_token_type:urn:ietf:params:oauth:token-type:access_token
client_secret:XXXXX (Created one client with Access_Type: confidential)
client_id:XXXX
Response:
{
"error": "unauthorized_client",
"error_description": "INVALID_CREDENTIALS: Invalid client credentials"
}
Is this the correct approach, or is there an alternate way to get the access token?
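The request in the post uses the token-exchange grant, which needs a `subject_token` to exchange and is a separate grant from the one a browser-brokered login normally ends in. The usual way for a client to obtain an access token after a login that Keycloak brokers to ADFS is the standard OIDC authorization-code flow against the same realm endpoints the post names: redirect the browser to the realm's `auth` endpoint (`kc_idp_hint` sends the user straight to the SAML identity provider), receive the code on the registered redirect URI, and exchange it at the `token` endpoint with the confidential client's credentials. The script below is an added example, not code from the post or from Keycloak; the base URL and realm come from the question, while the client id, secret, redirect URI and identity-provider alias are constructed placeholders. It adds PKCE and a `state` check, and the JWT decoder at the end only inspects claims; nothing in the token should be trusted until its signature has been verified against the realm's published keys.

```python
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

# Realm and base path come from the question; every other value here is a
# constructed placeholder for the real client registration and app callback.
KEYCLOAK_BASE = "https://ip:port/keycloak-auth"
REALM = "samladfs"
CLIENT_ID = "my-confidential-client"          # placeholder
CLIENT_SECRET = "XXXXX"                        # placeholder, load from a secret store in real code
REDIRECT_URI = "https://app.example/callback"  # placeholder, must be registered on the client
IDP_ALIAS = "adfs-saml"                        # placeholder alias of the SAML IdP in the realm


def endpoint(name):
    """Standard Keycloak OIDC endpoint path for the realm (auth, token, ...)."""
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/{name}"


def b64url(raw):
    """Base64url without padding, as used by PKCE and JWT."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636) for a code verifier."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce():
    """Fresh high-entropy verifier and its challenge; keep the verifier server-side."""
    verifier = b64url(secrets.token_bytes(32))   # 43 chars, within the RFC 7636 limits
    return verifier, pkce_challenge(verifier)


def build_authorization_url(state, code_challenge, idp_alias=IDP_ALIAS):
    """Browser redirect that starts the code flow; kc_idp_hint sends the user
    straight to the brokered SAML IdP instead of the Keycloak login page."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,                       # bound to the user's session, checked on return
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "kc_idp_hint": idp_alias,
    }
    return endpoint("auth") + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Pull the code out of the redirect back from Keycloak, rejecting a state
    mismatch (CSRF / mix-up) or an error response."""
    q = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    if "error" in q:
        raise RuntimeError(f"authorization failed: {q['error'][0]}")
    if q.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch, discarding callback")
    return q["code"][0]


def build_token_request(code, code_verifier):
    """Token endpoint request: grant_type=authorization_code, the client
    authenticated with HTTP Basic, and the PKCE verifier proving we started the flow."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,
    }).encode("ascii")
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode("ascii")
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return endpoint("token"), headers, body


def exchange_code(code, code_verifier, opener=urllib.request.urlopen):
    """Send the token request; returns the parsed JSON (access_token, id_token, ...)."""
    url, headers, body = build_token_request(code, code_verifier)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with opener(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


def decode_jwt_payload(token):
    """Unverified look at the claims, for inspection only: trust nothing in it
    until the signature is checked against the realm's JWKS (certs endpoint)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


if __name__ == "__main__":
    verifier, challenge = make_pkce()
    state = b64url(secrets.token_bytes(16))
    print("1. redirect the browser to:", build_authorization_url(state, challenge))
    print("2. on return: code = parse_callback(url, state); exchange_code(code, verifier)")
```

The `unauthorized_client` / `INVALID_CREDENTIALS` response in the post is Keycloak rejecting the client authentication itself, so whichever grant is used, the `client_id` and `client_secret` must match the confidential client's registration in the `samladfs` realm (the secret is shown under the client's Credentials tab); in this example they are sent as an HTTP Basic header rather than form fields, which Keycloak also accepts.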