OpenID Federation - Additional WellKnown Document Provider

tr_ovi · January 10, 2024, 3:19pm

Hey all!

I’m trying to implement parts of the OpenID Federations Spec (OpenID Federation 1.0 - draft 32) as a Keycloak extension.

One piece of it is an exposed well-known document, which is a signed JWS at the url <issuer>/.well-known/openid-federation .

Example: https://example.com/auth/realms/master/.well-known/openid-federation .

The problem so far is, that I can’t do this as a RealmResource due to the additional path segment the provider ID adds. Abusing the WellKnownProvider also does not work as it enforces the response to be of type application/json .

Is there another solution to achieve this? Or should we consider another approach?

KlausNie · February 1, 2024, 11:57am

@tr_ovi Do you know about this GitHub - eosc-kc/keycloak-oidc-federation: Keycloak extensions for supporting OpenID Connect Federation ?

It could contain hints on how this could be done

Topic	Replies	Views
Using ID Provider and User Federation in one realm Getting advice ldap , oidc	526	March 2, 2023
Override well-known-openid-configuration Configuring the server authentication , oidc	904	February 22, 2023
Documentation on how to write a custom Identity provider Getting advice documentation , identity-brokering	280	May 25, 2023
Inherit roles from other realm via OpenID Connect Getting advice	116	January 3, 2024
Keycloak operator with custom realm file using that I am trying to create an Identity provider authentication , oidc	616	January 17, 2022

OpenID Federation - Additional WellKnown Document Provider

Related Topics