alt text

Blog

Lessons Learned when implementing a Custom User Storage Provider for Keycloak

von | Feb. 16, 2024 |

In this article, we present our findings and conclusions derived from our implementation of a “proof-of-concept” Keycloak extension. This extension integrates a relational database containing user information with the identity provider (abbreviated as “IdP”) Keycloak [1]. Within the Keycloak framework, such an extension is referred to as a “custom user storage provider,” which we will shorthand as “the custom provider” throughout this article.

The article begins by elucidating the motivation behind developing this custom provider, outlining its scope and objectives. Subsequently, it delves into the design decisions made and the intended data flow, accompanied by an explanation of the technical approach adopted. Finally, the article discusses the challenges and issues encountered during the implementation process.

mehr lesen

Azure AD Federation with Keycloak as SAML identity provider using external B2B guest users – Automating User and Group Sync from Keycloak to Azure AD

von | Mai 4, 2023 |

Here at B1 Systems, we recently had the challenge to give all colleagues access to resources in the Microsoft Azure Public Cloud. Of course, we have an existing (OpenSource) authentication/authorization infrastructure, which is not Microsoft Azure, but consists of an OpenLDAP server for legacy applications and a Keycloak instance for “all things web”. If you have the same or a similar setup, this small howto might be interesting for you.

Out in the interwebs there are 100s of guides to use Microsoft Azure Directory (Azure AD) as an identify provider (IdP) in Keycloak. But we want it to be the other way around! Keycloak shall be a SAML federated IdP for Azure AD.

mehr lesen

Azure AD Federation with keycloak as SAML identity provider using external B2B guest users – Getting Started

von | Apr. 25, 2023 |

Here at B1 Systems, we recently had the challenge to give all colleagues access to resources in the Microsoft Azure Public Cloud. Of course, we have an existing (OpenSource) authentication/authorization infrastructure, which is not Microsoft Azure, but consists of an OpenLDAP server for legacy applications and a Keycloak instance for “all things web”. If you have the same or a similar setup, this small howto might be interesting to you.

mehr lesen