I am having issues trying to set up Keycloak as a broker between an Application which only accepts OIDC, and ADFS which has been set up with SAML.
I was originally under the following assumption:
- IDENTITY PROVIDER (MS ADFS) <> SAML <> SERVICE PROVIDER (KEYCLOAK)
- SERVICE PROVIDER (KEYCLOAK) <> OIDC <> APPLICATION
But upon reading multiple topics, I may have been mistaken about which is the IdP and which is the Service Provider.
Can I get confirmation of whether this information is correct?
Keycloak is running as a Docker container, with SSL certificates and an MS SQL Server database.
Keycloak image: Quay
SQL Server image: Microsoft Artifact Registry
Application: Latest version, which accepts all latest OIDC configuration settings
ADFS: not entirely sure which version is being used.
Furthermore, these have been the steps taken so far:
For Keycloak to Application [OIDC]
- Created a realm for the Application.
- Created a Client in the realm, and activated client authentication with service accounts roles as the authentication flow.
- Went to realm settings, and retrieved the "OpenID Endpoint Configuration" URL link required by the Application.
- Placed this URL link, along with the client id and client secret, in the OIDC configuration setup of the Application.
[Current error: when trying to access keycloak from the application, it says incorrect parameters for redirect uri]
For ADFS to Keycloak [SAML]
- Retrieved Metadata xml file from ADFS
- Opened Identity Providers in Keycloak, created a new identity provider, and then imported the Metadata xml file from ADFS.
- Then downloaded the Keycloak SAML metadata xml file and imported it in ADFS
[Current error: cannot confirm if this connection has actually occurred]
Any assistance will be greatly appreciated.
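As an added example (not part of the original post), an offline Python check for the two open points above: whether the redirect_uri the application sends would pass the matching Keycloak applies to a client's Valid Redirect URIs, and what an imported ADFS IdP metadata file actually declares. The host names, the sample metadata and the exact-or-trailing-wildcard matching rule are assumptions for illustration, not values taken from the post.

```python
"""Offline checks for the two errors in the post: a redirect_uri rejected by
Keycloak, and an ADFS SAML metadata import whose result is hard to confirm."""
import xml.etree.ElementTree as ET

# Assumed approximation of Keycloak's "Valid Redirect URIs" rule: an entry
# matches exactly, or as a prefix when it ends with '*'. Scheme and host are
# part of the comparison, so http vs https or a different port is a mismatch.
def redirect_uri_allowed(requested: str, valid_redirect_uris: list[str]) -> bool:
    for pattern in valid_redirect_uris:
        if pattern.endswith("*"):
            if requested.startswith(pattern[:-1]):
                return True
        elif requested == pattern:
            return True
    return False

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def summarize_idp_metadata(xml_text: str) -> dict:
    """Extract what the Keycloak identity provider needs from IdP metadata:
    entityID, the SSO endpoint per binding, and whether a signing key exists."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{MD}IDPSSODescriptor")
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor element")
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall(f"{MD}SingleSignOnService")}
    # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
    has_signing_cert = any(kd.get("use") in (None, "signing")
                           for kd in idp.findall(f"{MD}KeyDescriptor"))
    return {"entity_id": root.get("entityID"), "sso": sso,
            "has_signing_cert": has_signing_cert}

# Constructed sample metadata, shaped like an ADFS federation metadata export.
SAMPLE_ADFS_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(redirect_uri_allowed("https://app.example.test/oidc/callback",
                               ["https://app.example.test/*"]))
    print(summarize_idp_metadata(SAMPLE_ADFS_METADATA))
```

If the summary shows an entityID or SSO location that differs from what the Keycloak identity provider configuration displays, the import did not take the values you expected.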