[keycloak-user] extending SAML session with Azure ID via Keycloak

Nijo Johny nijo.johny at intellectdesign.com
Tue Aug 13 09:09:34 EDT 2019


Hi,

Our Application setup details
---------------------
Keycloak version:  3.3.0 Final
Keycloak acts as Broker. 
Azure AD configured as identity provider over SAML. 

Problem statement: not able to renew and extract a new SAML assertion from 
Azure AD.


Our app is secured using Keycloak over OpenID Connect with a JWT token. We 
are leveraging Keycloak Identity Brokering to use the customer's Azure AD as 
the Identity Provider. Once the user logs in, we need to invoke the customer API by 
sending the SAML assertion issued by Azure AD. 

We can extract the SAML assertion issued by the IdP from Keycloak via GET 
/auth/realms/{realm}/broker/{provider_alias}/token HTTP/1.1. Keycloak 
always returns the same SAML assertion, the one issued on login, even if it has expired. 


Keycloak issues a new JWT token to our app via a refresh token exchange on our 
side. But we need a valid SAML assertion to call the customer API.

Is there a way to renew the session with AD via Keycloak? A passive SAML2 
authentication request is what I found as a solution for this. Is this supported by 
Keycloak when it acts as a broker?

Any help is appreciated.

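The post's core observation is that the broker token endpoint hands back whatever SAML document was stored at login, with no freshness check on the Keycloak side. Before forwarding that document to a downstream API, the application should at least read the assertion's `Conditions` (`NotBefore` / `NotOnOrAfter`) and refuse to use an expired or nearly expired one. The following is an added example, not code from the thread or from the Keycloak project: it fetches the stored token from `GET /auth/realms/{realm}/broker/{provider_alias}/token` (the caller's bearer token must carry the `read-token` role of the `broker` client), parses the validity window of the assertion, and decides whether it is still usable. Assumptions: the endpoint returns either a bare `saml:Assertion` or a `samlp:Response` wrapping one (the code accepts both), and signature verification already happened in Keycloak at login, so only the time window is checked here. The sample documents and all identifiers in them are constructed placeholders.

```python
import urllib.request
import datetime as dt
import xml.etree.ElementTree as ET

SAML_NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample assertion in the shape Azure AD issues (tenant, user and IDs are
# placeholders). No Signature element: this code checks the validity window only and
# assumes Keycloak already verified the signature when it accepted the login.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-assertion-id" Version="2.0" IssueInstant="2019-08-13T12:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2019-08-13T12:00:00Z" NotOnOrAfter="2019-08-13T13:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://keycloak.example/auth/realms/demo</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# The same assertion wrapped in a samlp:Response, the other form the endpoint may return.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-response-id" Version="2.0" IssueInstant="2019-08-13T12:00:00Z">'
    + SAMPLE_ASSERTION
    + "</samlp:Response>"
)


def fetch_broker_token(base_url: str, realm: str, provider_alias: str, access_token: str) -> str:
    """Call Keycloak's broker token endpoint, which returns the token stored for the
    external identity provider (for a SAML IdP, the stored SAML document). The bearer
    token must belong to a user holding the 'read-token' role of the 'broker' client."""
    url = f"{base_url}/auth/realms/{realm}/broker/{provider_alias}/token"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_saml_instant(value: str) -> dt.datetime:
    """Parse an xs:dateTime as written in SAML: UTC ('Z' suffix), optional fractional
    seconds. Azure AD may emit 7 fractional digits; strptime's %f takes at most 6."""
    if not value.endswith("Z"):
        raise ValueError(f"SAML timestamps must be UTC, got {value!r}")
    body = value[:-1]
    if "." in body:
        main, frac = body.split(".", 1)
        body, fmt = f"{main}.{frac[:6]}", "%Y-%m-%dT%H:%M:%S.%f"
    else:
        fmt = "%Y-%m-%dT%H:%M:%S"
    return dt.datetime.strptime(body, fmt).replace(tzinfo=dt.timezone.utc)


def find_assertion(xml_text: str) -> ET.Element:
    """Locate the saml:Assertion whether the document is a bare assertion or a samlp:Response."""
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{SAML_NS['saml']}}}Assertion":
        return root
    assertion = root.find("saml:Assertion", SAML_NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element in document")
    return assertion


def validity_window(xml_text: str):
    """Return (NotBefore or None, NotOnOrAfter) from the assertion's Conditions element."""
    conditions = find_assertion(xml_text).find("saml:Conditions", SAML_NS)
    if conditions is None or conditions.get("NotOnOrAfter") is None:
        raise ValueError("assertion carries no NotOnOrAfter condition; cannot judge freshness")
    not_before = conditions.get("NotBefore")
    return (
        parse_saml_instant(not_before) if not_before else None,
        parse_saml_instant(conditions.get("NotOnOrAfter")),
    )


def seconds_remaining(xml_text: str, now_instant: str) -> float:
    """Seconds until NotOnOrAfter measured from now_instant (an xs:dateTime string);
    negative once the assertion has expired."""
    _, not_on_or_after = validity_window(xml_text)
    return (not_on_or_after - parse_saml_instant(now_instant)).total_seconds()


def is_usable(xml_text: str, now_instant: str, margin_seconds: int = 60) -> bool:
    """True only if the assertion is inside its window with at least margin_seconds left,
    so the customer API is never sent an assertion that expires while in transit."""
    not_before, _ = validity_window(xml_text)
    if not_before is not None and parse_saml_instant(now_instant) < not_before:
        return False
    return seconds_remaining(xml_text, now_instant) > margin_seconds


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; in the app, feed the body of
    # fetch_broker_token(...) into is_usable() with the current UTC time instead.
    for label, doc in (("assertion", SAMPLE_ASSERTION), ("response", SAMPLE_RESPONSE)):
        print(label, "usable at 12:30Z:", is_usable(doc, "2019-08-13T12:30:00Z"),
              "| at 13:00Z:", is_usable(doc, "2019-08-13T13:00:00Z"))
```

When `is_usable` returns false, the right move for the application is to send the user back through the identity provider (a fresh broker login) rather than retry the token endpoint, since, as the post describes, Keycloak 3.3.0 keeps returning the assertion stored at login. The margin exists because the customer API applies its own `NotOnOrAfter` check with its own clock; an assertion with only a few seconds left will be rejected there even though it passed here.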