Keycloak and IDP Configuration

Ayoub Chamchi
Jun 26, 2023


This document provides step-by-step instructions for configuring Keycloak as a broker for an external OpenID Connect Identity Provider (IDP). The steps alternate between the Keycloak side and the IDP side, because each side needs a value produced by the other: the IDP needs Keycloak's Redirect URI, and Keycloak needs the IDP's client credentials and discovery endpoint.

Add OpenID Connect Provider in Keycloak

  1. Open the Keycloak admin page.
  2. Navigate to the “Identity Providers” section.
  3. Select “OpenID Connect v1.0” from the list of providers.

Configure OpenID Connect Provider in Keycloak

  1. Provide an alias for the OpenID Connect provider. The alias becomes part of the Redirect URI that Keycloak generates (`.../realms/<realm>/broker/<alias>/endpoint`) and is also the value you pass in the `kc_idp_hint` query parameter to send a user straight to this provider, so choose it before you register anything in the IDP: changing it later means re-registering the Redirect URI.

Add an OpenID Connect Application in the IDP

  1. Create a new OpenID Connect application in the IDP.
  2. Provide the application name.
  3. Copy the Redirect URI shown in the Keycloak provider configuration and register it as the Login redirect URI in the IDP's application configuration. Register it exactly as Keycloak displays it: IDPs compare redirect URIs as exact strings, so a trailing slash or an http/https mismatch is enough for the IDP to reject the login.
  4. Save the configuration.

Obtain OpenID Connect Application Client Credentials

After saving the OpenID Connect Application configuration in the IDP, the following client credentials will be generated:

  • Client ID
  • Client Secret

Where these values are displayed depends on the IDP; in the IDP used here they appear at the bottom of the General tab. Copy the Client ID and Client Secret for use in the Keycloak configuration, and handle the Client Secret as a credential: it is what lets Keycloak redeem authorization codes at the IDP's token endpoint, so keep it out of tickets, chat and version control.

Configure OpenID Connect Application Metadata in Keycloak

  1. Go to the “Identity Providers” section in Keycloak.
  2. Select the OpenID Connect provider you added earlier.
  3. Paste the IDP's OpenID Connect discovery URL (it ends in `/.well-known/openid-configuration`) into the “Discovery endpoint” field. Keycloak fetches the document and fills in the Authorization URL, Token URL, User Info URL, Logout URL, Issuer and JWKS URL from it. Check that the imported Issuer matches the host you fetched the document from and that every endpoint uses https; with signature validation enabled, Keycloak uses the JWKS URL to verify the ID tokens the IDP issues.
  4. Paste the Client ID and Client Secret obtained from the IDP into the corresponding fields, and make sure the client authentication method matches what the IDP application expects (client secret sent as POST parameter or as basic auth).
  5. Set the following Default Scopes: openid profile email phone. Request only the scopes the IDP application has been granted; an unsupported scope makes the IDP return an error instead of a code.

Login using IDP OpenID Connect

To log in using the IDP OpenID Connect provider, follow these steps:

  1. Open the Keycloak login page.
  2. You will see an additional button that allows you to log in to Keycloak using the IDP OpenID Connect provider. The button label is the provider's Display Name, which you can set in the provider configuration to something more user-friendly than the alias.
  3. Click the button, and you will be redirected to the IDP for authentication.
  4. After successful authentication, you will be redirected back to Keycloak's broker endpoint. Keycloak exchanges the authorization code for tokens at the IDP, validates the ID token, and then links the identity to an existing local user or creates one according to the first-login flow, before sending you on to the application that started the login.
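The following script is an added example, not code from the article or from Keycloak, that models offline what the steps above do: it derives the broker Redirect URI from the alias, checks a discovery document the way a practitioner should before importing it (issuer matches the origin it was fetched from, all endpoints are https), builds the JSON body that the admin console (or `POST /admin/realms/{realm}/identity-provider/instances`) sends when you save the provider, shows why the registered Redirect URI must match exactly, and builds a login link with `kc_idp_hint` that skips the Keycloak login page and goes straight to the IDP. The Keycloak host, realm, alias, client values and the discovery document are all assumptions constructed for the example; the config keys follow Keycloak's IdentityProviderRepresentation for the `oidc` provider, and the `/realms/...` path applies to Keycloak 17 and later (older releases prefix it with `/auth`).

```python
"""Offline model of the Keycloak <-> OIDC IDP brokering setup (added example).

Assumptions (not from the article): Keycloak at https://sso.example.com,
realm "demo", provider alias "corp-idp", and a constructed discovery
document for an IDP at https://idp.example.com.
"""
import json
from urllib.parse import urlencode, urlparse

KEYCLOAK_BASE = "https://sso.example.com"   # assumed Keycloak host
REALM = "demo"                               # assumed realm
ALIAS = "corp-idp"                           # assumed provider alias
WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample of what the IDP's discovery endpoint returns.
DISCOVERY_URL = "https://idp.example.com" + WELL_KNOWN
DISCOVERY_DOC = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "end_session_endpoint": "https://idp.example.com/oauth2/logout",
  "scopes_supported": ["openid", "profile", "email", "phone"]
}""")


def redirect_uri(base, realm, alias):
    """The Redirect URI Keycloak displays for a broker; the alias is in the path."""
    return f"{base}/realms/{realm}/broker/{alias}/endpoint"


def validate_discovery(doc, discovery_url):
    """Checks to make before trusting a discovery document: the issuer must be
    the origin the document was fetched from (OIDC Discovery section 4.3), and
    the endpoints Keycloak will call or trust must be https."""
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    if doc["issuer"].rstrip("/") != expected_issuer.rstrip("/"):
        raise ValueError(f"issuer {doc['issuer']!r} does not match {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(doc[key]).scheme != "https":
            raise ValueError(f"{key} is not https: {doc[key]}")
    return True


def broker_config(doc, client_id, client_secret, scopes="openid profile email phone"):
    """Build the identity-provider representation Keycloak stores when you save
    the provider; these are the fields the console fills from the discovery
    endpoint plus the values pasted from the IDP. Config values are strings."""
    validate_discovery(doc, DISCOVERY_URL)
    return {
        "alias": ALIAS,
        "displayName": "Corporate login",     # label shown on the login button
        "providerId": "oidc",
        "enabled": True,
        "config": {
            "issuer": doc["issuer"],
            "authorizationUrl": doc["authorization_endpoint"],
            "tokenUrl": doc["token_endpoint"],
            "userInfoUrl": doc.get("userinfo_endpoint", ""),
            "logoutUrl": doc.get("end_session_endpoint", ""),
            "jwksUrl": doc["jwks_uri"],
            "useJwksUrl": "true",
            "validateSignature": "true",       # reject ID tokens not signed by the IDP's keys
            "clientId": client_id,
            "clientSecret": client_secret,
            "clientAuthMethod": "client_secret_post",
            "defaultScope": scopes,
        },
    }


def registered_uri_matches(registered, actual):
    """IDPs compare redirect URIs as exact strings (OAuth 2.0 Security BCP):
    a trailing slash or scheme difference is a mismatch."""
    return registered == actual


def login_url(base, realm, client_id, app_redirect, alias):
    """Login link for an application client that skips the Keycloak login page
    and sends the user straight to the broker named by kc_idp_hint."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": app_redirect,
        "kc_idp_hint": alias,
    })
    return f"{base}/realms/{realm}/protocol/openid-connect/auth?{query}"


if __name__ == "__main__":
    print("Register in the IDP:", redirect_uri(KEYCLOAK_BASE, REALM, ALIAS))
    print(json.dumps(broker_config(DISCOVERY_DOC, "kc-broker", "s3cret"), indent=2))
    print("Direct login:", login_url(KEYCLOAK_BASE, REALM, "myapp",
                                     "https://app.example.com/cb", ALIAS))
```

Run it to print the Redirect URI to register, the provider representation, and a `kc_idp_hint` login link. The `validate_discovery` check is the part the console does not do for you: if a discovery document's `issuer` points somewhere other than the host it came from, Keycloak would happily import attacker-controlled endpoints, so compare before importing.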
