This is what is called simple, straightforward content, love it
@haskellbcurry26663 years ago
I've been trying for days to configure keycloak with Azure AD and this video cleared everything up. Thank you!
@michelvanvliet27412 years ago
Thanks, looking really simple and very helpful for our future Keycloak implementation.
@MrAngelsfriend3 years ago
Niko you are the champion. :) stay blessed.
@geekassess7343 years ago
Very good explanation, plain and simple flow. I tried and it worked for me
@lolitssbee 1 year ago
This is perfect & exactly what I needed, thank you!
@alexanderbrovman3 years ago
Hi Niko thank you very much for creating this, works perfectly and helped a lot!
@wamp17383 years ago
Crystal clear, thank you 👍
@sriyanto66622 years ago
Thanks Niko for the video, this is so clear and works perfectly. If anyone knows a video on how to register a SAML client in Keycloak, it would be much appreciated if you could share it with me
@pablogvivo2 years ago
Thank you. It was really helpful and an easy explanation
@80co3 years ago
Very clear and useful, thank you
@mahenderboini51792 years ago
Hi Niko Kobler, good explanation. Could you please also send any videos on client creation and configuration for a web application in Keycloak? Thanks in advance
@oliviermasseau566 1 year ago
Thanks, super clear :)
@GerryLSmith2 years ago
Nice, thank you.
@borislavatanasov23883 years ago
Very useful, thank you!
@nicklausbrain3 years ago
Thanks, I needed that!
@domingosdias59883 months ago
Fantastic
@yasithkumara30703 years ago
Very good video. Thank you.
@yasarbaigh31723 years ago
If possible make a video on integrating Active Directory, via user federation
@alejandromartinezcoviza87283 years ago
Thanks!!! Awesome
@nirupachristy7884 1 year ago
Hi Nikolas, thank you so much for sharing the procedure to configure Keycloak with AAD. Could you please explain how to integrate applications like Miro or Excel in Keycloak?
@dasniko 1 year ago
I don't focus on configuring clients to interact with any OIDC provider. I'm only focussing on the Keycloak server itself.
@SuperAdil082 years ago
Man I love r videos
@cafe-valente2 years ago
Thanks
@dasniko2 years ago
Thank you, Matheus! This is really appreciated!! 🙏
@cafe-valente2 years ago
@@dasniko my pleasure mate. Your videos have helped me a lot
@WorkerJJ3 years ago
works perfectly, thx!!!
@roscode96 1 year ago
Thanks for these great videos and all your work on keycloak and in the community! Do you have any advice for getting single-sign-out working with this Azure AD/keycloak setup? In particular how to construct the front-channel logout url for the app registration such that Azure can log the user out of keycloak (which will in turn log out of all clients)
@higorpereira12639 months ago
Got any luck on this? Same requirement here...
@roscode969 months ago
No, I haven't been able to get it to work unfortunately.
@higorpereira12639 months ago
@@roscode96 Thanks buddy. Sorry for the late question.
@prasadborkar81573 years ago
Very nice explanation. Any plan to upload vuejs app authentication using keycloak ? I saw you already posted video using react.
@dasniko3 years ago
Hi, thanks. Currently I've not planned to do a Vue.js video. Indeed it's pretty similar to React, afair.
@TusharGanorkar2 years ago
hi Niko, can you share one example for ADFS and OTP in one single flow for login, your videos are very helpful... Life savior...
@rainellen3 years ago
Nice video. Any plan to include Azure AD SAML 2.0 with Keycloak integration?
@dasniko3 years ago
I don't use SAML at all, sorry.
@JUNO22062 years ago
Really crisp. Does Keycloak introspect the token with AAD?
@dasniko2 years ago
No
@papaamadoubabandiaye2311 days ago
Hello, thank you for this video. I want to add Coursera metadata to my Keycloak, but when I upload the metadata file it always fails. How can I link Keycloak to Shibboleth (SP)?
@user-ls7gc1he1s 1 month ago
can u do a video to do it with LDAP
@vktop22 years ago
Nice video! I have a question: Azure AD B2C has all the features shown in Keycloak. If I have Azure and my users are in the AD, why would I use Keycloak? Thanks
@noblebhaskar2 years ago
Hello Niko, thanks for the video. We have configured Azure AD as identity provider for Keycloak for a web application. The issue we face is that when a user logs out from the web application in the browser, he is logged out only from the web application, but the Azure AD user session still remains active in the browser. I suspect we can achieve this by configuring the Logout URL in the identity provider configuration in the Keycloak Admin console page, but I am not sure what Logout URL to configure there. Also, should the "Backchannel Logout" option be enabled?
@nania0218 1 year ago
how to set policy id in Azure AD B2C OAuth 2.0 token endpoint (v2)
@javierangelmorenomonton44876 months ago
Hello, and thank you for the video. Once the integration has been set, can we use the Azure AD Enterprise Application feature to provide MFA instead of the Keycloak native MFA mechanism? Thank you in advance. Javier.
@dasniko6 months ago
You can do whatever you want in your Azure environment. If it's part of the regular authentication process/flow there, it will be executed. This is completely independent of Keycloak.
@q3rageq32 years ago
didn't get how the "localhost:8080" redirect URI had worked fine in azure... can you please clarify on this? why didn't you use a good resolvable fqdn and how did that work in your demo scenario?
@dasniko2 years ago
No need for a fqdn when doing a demo on localhost. Azure doesn't need to have access to the domain, as it is only sending the user's browser with a redirect to the specified domain (in this case with localhost). There's no access from Azure to Keycloak.
@pioamalraj97913 years ago
Hello Niko. this is very good. is there a way to automate these steps through a script? thank you. your intro was fantastic.
@tekknokrat2 years ago
there is a terraform provider for keycloak available that helps with setup idp providers, realms and clients. there is also a terraform provider available that helps with creating the azure ad. you can also use ansible or a python api to automate via a script.
@Grikoify3 years ago
Thank you.
@marcusross20993 years ago
Can you do a demo for keycloak to azure B2C?
@ahmedeisa47523 years ago
Awesome Work, very straightforward approach, but what if I want to log in using my application UI?
@dasniko3 years ago
Thanks. Authentication using your application is not how OIDC works, please read the specs for understanding the concepts. However, you can create custom Themes you deploy to Keycloak to have a customized / corporate design for your users in Keycloak.
@JohnSinha-eh2ov2 months ago
pls do idp initiated sso saml using two Keycloak servers
@daniellaerachannel2 years ago
does anyone have a React SPA example for this kind of stack?
@dasniko2 years ago
See my videos about Keycloak and React and my repo here: github.com/dasniko/keycloak-reactjs-demo There's nothing special for React-Keycloak-AzureAD. The react app will just use Keycloak as IdP and Keycloak itself redirects to AAD as external IdP. No React involved.
@osmarfj6752 1 year ago
Thanks for the video Niko. I did these settings in order to import groups from Azure ad into keycloak. But, unfortunately, it is not working. Do you have any idea about it? I need to map groups from Azure AD into keycloak. Thank you
@victoradolfomosqueragonzal6704 1 year ago
you did? you help me
@AlanDevOps 1 year ago
I'm also trying to figure this out, did you find a solution?
@patrikmaier5260 1 year ago
Which underlying OAuth 2.0 Flow is used by the OpenID Connect Flow used here?
@dasniko 1 year ago
Auth Code
@harikuttan94262 years ago
I have checked the redirect url in keycloak and azure Redirect URIs both are the same, but the Redirect URI in the browser does not contain the port number (after error)
@bart3460 1 year ago
Thanks for the video. Is there a way to customize this so the Keycloak username automatically is only what is in front of the @?
@dasniko 1 year ago
If you implement a custom authenticator which will be used in the first broker flow, then yes.
@aryapriyadarshi82273 years ago
Niko Köbler, I have tried integrating AAD with keycloak running on AWS ECS cluster but getting below error while doing sso. "Unexpected error when authenticating with identity provider « Back to Application"
@bhushan0504 1 year ago
It's a nice video, Niko. Can you have a user auth flow setting to link the Azure AD ID with an existing user in Keycloak at first login? Please let me know so it can help in configuring the authentication flow.
@dasniko 1 year ago
That's how it works.
@bhushan0504 1 year ago
@@dasniko yes. got the flow. created manual flow with conditions
@silentwatcher1311 months ago
Niko, Can we use keycloak to manage AAD Based ssh authentication for linux vms??
@AlanDevOps 1 year ago
Thanks for the explainer, do you know how I can map an Azure AD Group to a Keycloak Role?
@dasniko 1 year ago
add the groups to the azure token and use a claim-to-role mapper in keycloak
@AlanDevOps 1 year ago
@@dasniko Thanks Niko, I have done that and it works as expected now. Thanks for the response :)
@cemcoral23362 years ago
Is it possible to get a token via REST using postman with this configuration?
@guilhermeduartecosta33202 years ago
Thank you for this video. I get an error after authentication when Azure redirects to my application. Do I need to do something in my application? ERROR -> "An internal server error has occurred" just it.
@guilhermeduartecosta33202 years ago
The problem was... Keycloak 16 does not work with Java 8, because I suppose 16 was compiled with Java 9. I updated to Java 11 and everything is working now
@tanhc2 1 year ago
I suppose a connection is required between Keycloak and AAD as an Identity Provider... but is a connection between keycloak and AAD necessary for authentication if AAD is set up in user federation and using SAML or OIDC? Or does all communication go through the browser and redirection?
@dasniko 1 year ago
There's a mandatory backchannel communication between Keycloak and the AAD.
@kothanikhila28003 years ago
How the provider id and provider username are mapped for newly created user and what happens if the user is already created
@stevelewis3832 years ago
Great video, is it possible to pass a group value from Azure AD to keycloak?
@dasniko2 years ago
Yes. Please consult Azure docs for details.
@chamseddineabderrahim2853 1 year ago
What are the possible root causes when, after redirection, I go back to the login page of my application? Thank you
@ronnisorensen9367 1 year ago
Hi All, Can anyone share why it is desirable to integrate Azure AD to Keycloak and not connect your app directly to Azure AD? It is my understanding that Azure AD can serve as Auth2/OIDC provider, so what does Keycloak add to the architecture? Any help to understand this is greatly appreciated.
@dasniko 1 year ago
If you only interact with AAD, there's possibly no need to use Keycloak in between. But if your application has different kinds of users, coming from various sources and identity providers and AAD is only one of them, then it gets easier to configure them all in Keycloak and let your application interact only with one identity provider (Keycloak) instead of multiple. Also, if you have many applications, you won't configure them all to use/handle multiple IdPs.
@liberalManifesto682 years ago
Hi Niko, how do I configure the logout option?
@nerospeed4 months ago
Azure AD is now Microsoft Extra ID :-) (edit Entra ID)
@dasniko4 months ago
hey smart-arse, it's called Entra-ID, not Extra ID and the video was produced long before the renaming!
@nerospeed4 months ago
This was more a hint for others who see this video. I searched for azure active directory and could not find it. After research I found (yes typo thanks) entra Id. Thanks for the smart-arse title .....
@gmmkeshav 1 year ago
How to do direct Microsoft login without this password and username? Basically directly going to Microsoft login
@dasniko 1 year ago
Configure the "Identity Provider Redirector" step in Browser Authentication Flow.
@victoradolfomosqueragonzal6704 1 year ago
How can I map Azure AD groups or roles in Keycloak
@dasniko 1 year ago
You need to add them into the token(s) issued by AAD, then you can create the proper mappers in Keycloak.
@prajaktapalaskar822 years ago
Hello, can you help me with how to create a role in Azure so that after integration that role is reflected in Keycloak (role mapping for the user between Azure and Keycloak)?
@dasniko2 years ago
i'm not an azure expert, don't know about azure
@oguzhanduran61423 years ago
Good work. Is it possible to sync users from Azure AD to Keycloak ?
@dasniko3 years ago
With using 3rd party IdPs, there is IMHO no need to sync anything. After a user authenticates, a representation of this user is created in Keycloak. This is necessary, so that Keycloak "knows" this user. But the authentication itself, and thus the knowledge of the password, remains still at the IdP, which is important in such a scenario.
@oguzhanduran61423 years ago
@@dasniko yes I know, Keycloak creates the user after authentication, but I don't want this situation. I want to sync users periodically from Azure AD and handle all Azure AD users in Keycloak
@dasniko3 years ago
That's not what IdPs are here for. Also, Keycloak is not a "user management tool" for 3rd party IdPs.
@mukeshwars55702 years ago
@@dasniko yeah u are right, in case we want to do that, is it possible? Storing the username and password of users from the IDP in Keycloak, so next time the user can authenticate from the Keycloak login page instead of going to the IDP again
@AbhilashaVar5 months ago
Hi, I want a Spring Boot API which calls Azure internally without exposing the UI of Keycloak to the users, please provide
@harikuttan94262 years ago
I am facing an issue while logging in: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'fe655095-8579-4f7d-97e8-066825b0c4a2'.
@Avishekk1112 months ago
@Niko Köbler (@dasniko) - In the newer version of Keycloak, v22.0.5, Keycloak is not copying the email from the IDP, even if username is mapped as email. How can we achieve this?
@dasniko2 months ago
As of today, v25 is the latest version, not 22... And if everything is configured properly (also the external system), it just works. If it doesn't, then something isn't properly configured.
@Avishekk1112 months ago
@@dasniko I meant on v 22, keycloak is not mapping email as email even if email is mapped as username, firstName, lastName are also copied. I followed exactly how it has been discussed in this video or similar others.