[keycloak-user] OpenID Java Adapter: configuring keycloak to use an IDP different than Keycloak Server

Usai, Fabrizio fabrizio.usai at cjsm.vlaanderen.be
Thu Nov 8 09:13:59 EST 2018


Dear,


We are using Keycloak Java adapter 4.5.0 in combination with EAP7.1. When we configure our keycloak.json we have for auth-server-url the url https://authentication.country.com/op/v1/auth (the original url is changed for privacy reasons). So far so good.

When we navigate to our application, we are forwarded to https://authentication.country.com/op/v1/auth/realms/KeycloakOIDCRealm/protocol/openid-connect/auth?response_type=code&client_id=fac9d161-d27d-493d-uze896zed78&redirect_uri=.....

This is not good, since we use our own identity provider. Removing the realms/KeycloakOIDCRealm/protocol/openid-connect/ part of the url forwards it correctly to the identity provider. So the Keycloak adapter adds it by default, assuming we will always use Keycloak as an identity provider. Before, we were using SAML and didn't have this issue.

How can we configure the keycloak.json for the adapter to leave out the addition of realms/KeycloakOIDCRealm/protocol/openid-connect/?

We don't understand why with SAML we didn't have this issue at all, and now with OpenID it seems very difficult to solve this issue. Our current guess to solve this is to overwrite some Keycloak Java class and make sure the url is built the correct way. Although it is a bit dirty, we could accept this as a solution (if it is possible), but we prefer to do this via configuration.


Kind regards,

Fabrizio Usai

