[keycloak-user] Using Keycloak with Microsoft Azure Active Directory

Reed Lewis RLewis at carbonite.com
Wed Dec 14 07:54:26 EST 2016


I figured it out. I needed to add a mapper in order to get the email.

Thank you.

From: Stian Thorgersen <sthorger at redhat.com>
Reply-To: "stian at redhat.com" <stian at redhat.com>
Date: Wednesday, December 14, 2016 at 12:55 AM
To: Reed Lewis <RLewis at carbonite.com>
Cc: "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Using Keycloak with Microsoft Azure Active Directory

So the issue is that you're missing the email address? You probably just need to tweak the scope setting on the provider (try adding email)

On 9 December 2016 at 14:07, Reed Lewis <RLewis at carbonite.com> wrote:
I am attempting to use Microsoft Azure Active Directory with Keycloak.

It is not working correctly.

Here is how I have it configured:

OpenID Connect  V1.0

Enabled: On
Store Tokens: On
Store Tokens Readable: On
Trust Email: On
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Token URL: https://login.microsoftonline.com/common/oauth2/token
Logout URL: <none>
Backchannel Logout: Off
User Info URL: <blank>
First Login Flow: First Broker Login

It directs me to the Microsoft page to log in correctly, but when it comes back to Keycloak, it only has the first and last name, but no email address.

Is there something I have configured incorrectly?

I also tried to use the built-in Microsoft connector, but that does not work with Azure Active Directory.

Thank you,

Reed Lewis

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
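
An added example, not part of the original thread or Keycloak's own code: a diagnostic that decodes an ID token's payload and lists which claims hold an email-like value, which is the claim name an identity-provider mapper would need to reference. The sample token is constructed, and the `upn` and `unique_name` claim names are assumptions about what the provider returns.

```python
import base64
import json

# Claims that may carry an address usable as the Keycloak email attribute.
# "upn" and "unique_name" are assumptions about the IdP's ID token contents.
CANDIDATE_CLAIMS = ("email", "upn", "unique_name", "preferred_username")


def _b64url_decode(segment):
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(id_token):
    """Return the JWT payload. Diagnostic only: the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated JWT segments")
    return json.loads(_b64url_decode(parts[1]))


def email_claim_candidates(claims):
    """List (claim, value) pairs whose value looks like an email address."""
    found = []
    for name in CANDIDATE_CLAIMS:
        value = claims.get(name)
        if isinstance(value, str) and "@" in value.strip("@"):
            found.append((name, value))
    return found


# Constructed sample (not from a real tenant); the signature segment is a dummy.
SAMPLE_CLAIMS = {
    "given_name": "Alex",
    "family_name": "Doe",
    "upn": "alex.doe@example.com",
    "unique_name": "alex.doe@example.com",
}
SAMPLE_TOKEN = ".".join(
    [_b64url_encode({"alg": "RS256"}), _b64url_encode(SAMPLE_CLAIMS), "sig"])

if __name__ == "__main__":
    for name, value in email_claim_candidates(decode_claims(SAMPLE_TOKEN)):
        print(f"mapper candidate: claim={name!r} value={value!r}")
```

Because the decoder skips signature verification, it is suitable only for inspecting a token from your own broker while choosing a mapper, not for any trust decision.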
