question

NikhilaKotha-7396 asked sikumars edited

Azure Ad as keycloak identity provider

I have configured Keycloak with Azure AD as an OIDC identity provider. When I log in from my web app, I am redirected to the Microsoft login page. After this login I see that I am automatically added as a user in Keycloak. I see that Keycloak uses a specific identity provider ID and identity provider username to do a match; I see that the email is populated as the identity provider username, but a random UUID is populated as the identity provider ID. I am unable to figure out how these values are populated, and I cannot find this identity provider ID in Azure AD.

If I already have a user with the same email ID in Keycloak, when I log in I am not able to create this user, and it does not automatically sync this user.

I could not find any way to see the response sent from Azure AD. Let me know a way we can check this response from Azure AD.

Any help would be greatly appreciated.

azure-active-directory

Thanks for reaching out, and apologies for the delayed response.

How are you synchronizing user references to Keycloak? Are you using Azure AD user provisioning (SCIM) by any chance? If so, do you see that all match conditions are configured properly?

Additionally, you could use an HTTP debugging tool such as Fiddler, which helps with analyzing the HTTP requests/responses received from Azure AD as well as Keycloak. Please refer to the steps mentioned in the article below, under the "Not able to connect using an Azure AD user - troubleshooting guideline" section: https://techcommunity.microsoft.com/t5/azure-sql/troubleshooting-problems-related-to-azure-ad-authentication-with/ba-p/1062991

Also, could you please share the document that you are referring to? Thanks.

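Added note with a worked example (not part of the original thread, and not code from Keycloak or Microsoft): the values the question asks about come from the ID token Azure AD returns to Keycloak's broker endpoint. Keycloak's OIDC identity provider stores the token's `sub` claim as the "Identity Provider User ID" and, by default, takes the username from `preferred_username`, falling back to `email` and then `sub`. Azure AD's `sub` is a pairwise identifier, unique per application and not shown anywhere in the portal; the directory object ID you can look up in Azure AD is the `oid` claim instead. Because the code exchange happens server-to-server, the browser never sees this token. Besides a proxy such as Fiddler on the Keycloak host, you can enable "Store tokens" on the identity provider in Keycloak and fetch the stored response through the broker endpoint `/realms/<realm>/broker/<alias>/token` (the user needs the `broker` client's `read-token` role). The script below decodes such a token, without verifying it, to show which claims Keycloak links on. The token and all claim values are constructed for the demo; a real Azure AD token is RS256-signed, and the HS256 key here is a stand-in so the sample is self-contained.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    """Base64url-decode one JWT segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Return header and payload of a compact JWS WITHOUT verifying the signature.

    Inspection only: the point is to see what Azure AD sent. Never use an
    unverified payload for an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return {"header": header, "claims": payload}


def keycloak_link_fields(claims: dict) -> dict:
    """Reproduce how Keycloak's default OIDC broker fills the federated identity.

    Assumption stated in the note above: federated user id = `sub`;
    username = preferred_username, else email, else sub.
    """
    username = claims.get("preferred_username") or claims.get("email") or claims["sub"]
    return {
        "identity_provider_user_id": claims["sub"],
        "identity_provider_username": username,
        # `oid` is the directory object id you can actually find in the Azure portal.
        "azure_object_id": claims.get("oid"),
    }


def make_sample_id_token(secret: bytes = b"constructed-demo-key") -> str:
    """Build a CONSTRUCTED token shaped like an Azure AD v2 ID token.

    Every value is made up. Real tokens are RS256-signed with Microsoft's keys;
    HS256 with a throwaway secret is used only so the demo runs offline.
    """
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {
        "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
        "aud": "11111111-1111-1111-1111-111111111111",
        "sub": "AAAAAAAAAAAAAAAAAAAAAIkzqFVrSaSaFHy782bbtaQ",  # pairwise, per-app
        "oid": "22222222-2222-2222-2222-222222222222",          # directory object id
        "tid": "00000000-0000-0000-0000-000000000000",
        "preferred_username": "alice@contoso.example",
        "email": "alice@contoso.example",
        "name": "Alice Example",
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


if __name__ == "__main__":
    token = make_sample_id_token()
    decoded = decode_jwt_claims(token)
    print(json.dumps(decoded["claims"], indent=2))
    print(keycloak_link_fields(decoded["claims"]))
```

To use it on a real token, paste the `id_token` value captured by Fiddler or returned by the broker token endpoint into `decode_jwt_claims`. If the `sub` you see there is not what appears in the user's "Identity Provider Links" tab in Keycloak, a mapper or a non-default username/ID claim setting on the identity provider is changing the defaults described above.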

0 Answers