Keycloak client to Keycloak IDP - Almax84/consulting-wiki GitHub Wiki
SETUP KC BACKEND (example KEYCLOAK SPID)
Convention: this KC (the backend) is exposed on localhost:8083.
Convention: the frontend KC is exposed on localhost:8081.
- Set up a KC that uses the SPID IdP (see here)
- Set up a client:
  - Client ID: idm
  - Enabled: ON
  - Client Protocol: openid-connect
  - Access Type: confidential
  - Root URL: http://localhost:8083/idm
  - Valid Redirect URIs: http://localhost:8081/* (yes, the * at the end should be there). These are the URIs the backend KC is allowed to redirect back to; the frontend KC inserts its own redirect_uri in the authorization request, and if that redirect_uri does not match an entry here the backend KC returns an error. This entry tells the backend KC to accept all redirect URLs coming from the frontend KC.
  - Admin URL: http://localhost:8083/idm
  - Web Origins: http://localhost:8083
- Then open the Credentials tab, select Client Authenticator = Client Id and Secret, and copy the secret. It is needed in the frontend.
- Create mappers for all the data you want to import into the FE (example: a field called spid-email is stored in the BE Keycloak and you want to import that field into the FE Keycloak)
SETUP FRONTEND
- Create a realm (e.g. frontend)
- Authentication -> copy First Broker Login -> call it Frontend - First Broker Login -> delete everything except Create User If Unique (Required)
- Create an Identity Provider of type **Keycloak OpenID Connect**, with:
  - Trust Email: ON
  - First Login Flow: Frontend - First Broker Login (created above)
  - Authorization URL: http://localhost:8083/auth/realms/spid/protocol/openid-connect/auth
  - Token URL: http://localhost:8083/auth/realms/spid/protocol/openid-connect/token
  - Logout URL: http://localhost:8083/auth/realms/spid/protocol/openid-connect/logout
  - Client Authentication: Client secret sent as post
  - Client ID: idm
  - Client Secret: ********** (the one copied above)
- Create mappers. The mapper on the BE Keycloak exports the data in the claim spid-email, and you want to write it to the local field email, so:
  - User Attribute Name: the local field where the data is stored (here email)
  - Claim: the claim in the token from the BE Keycloak to read that data from (here spid-email)
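Added example (not part of this wiki page): a small Python check of the Valid Redirect URIs rule described above. It builds the redirect_uri the frontend KC sends for its broker endpoint, assembles the authorization request towards the backend realm spid, and tests the redirect_uri against a simplified model of Keycloak's matching (exact match, or prefix match when the entry ends with *). The IdP alias spid-backend is an assumption; substitute the alias you gave the Keycloak OpenID Connect provider.

```python
from urllib.parse import urlencode

# Conventions from the page: backend KC on :8083 (realm "spid"), frontend KC on :8081.
BACKEND_BASE = "http://localhost:8083/auth"
FRONTEND_BASE = "http://localhost:8081/auth"
FRONTEND_REALM = "frontend"
IDP_ALIAS = "spid-backend"  # assumption: the alias of the IdP created in the frontend realm
CLIENT_ID = "idm"


def broker_redirect_uri(frontend_base, realm, alias):
    """redirect_uri the frontend KC presents to the backend KC when brokering a login."""
    return f"{frontend_base}/realms/{realm}/broker/{alias}/endpoint"


def redirect_uri_allowed(redirect_uri, valid_redirect_uris):
    """Simplified model of the Valid Redirect URIs check (not Keycloak's own code):
    an entry matches exactly, or, when it ends with '*', as a prefix."""
    for pattern in valid_redirect_uris:
        if pattern.endswith("*"):
            if redirect_uri.startswith(pattern[:-1]):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def authorization_request(redirect_uri, state="constructed-state"):
    """Authorization URL the frontend KC builds towards the backend realm 'spid'."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{BACKEND_BASE}/realms/spid/protocol/openid-connect/auth?{urlencode(params)}"


if __name__ == "__main__":
    uri = broker_redirect_uri(FRONTEND_BASE, FRONTEND_REALM, IDP_ALIAS)
    print(uri)
    print(authorization_request(uri))
    # The wiki's entry (with the trailing *) accepts the broker endpoint ...
    print(redirect_uri_allowed(uri, ["http://localhost:8081/*"]))
    # ... the same entry without the * does not, which is the error the page warns about.
    print(redirect_uri_allowed(uri, ["http://localhost:8081"]))
    # A narrower entry scoped to the frontend realm's broker endpoints also accepts it.
    print(redirect_uri_allowed(uri, [f"{FRONTEND_BASE}/realms/{FRONTEND_REALM}/broker/*"]))
```

The narrower pattern in the last check limits the backend client to the frontend realm's broker endpoints rather than everything under localhost:8081, which is the tighter setting to prefer once the flow works.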