Connect with Keycloak

This tutorial is part of the OpenID Connect Series.

Back to OpenID Connect

Category: Intermediate

Difficulty: 3 out of 5

Duration: 20 minutes

1. Overview 2. Get started 3. Create a new realm 4. Create a new user 5. Add an identity provider 6. Skip Discovery Service 7. Next Steps

Find a mistake? Let us know the issue here.

Skip Discovery Service

AAF’s implementation of OpenID Connect allows service administrators to configure their service to skip the discovery service and login directly through a specified IdP. This can also be done through Keycloak.

Getting started

Find the entityID of the IdP that you wish to directly login through. This can be done by looking through the AAF metadata or your own registrations.

AAF Test Metadata
For Example, the AAF Virtual Home is: https://vho.aaf.edu.au/idp/shibboleth

You can also view the metadata of all the IdPs in the AAF Federation by visiting AAF Federation Manager.

Sending the request

On the details page of your newly created identity provider (in this example called ‘oidc’), scroll down to the ‘OpenID Connect settings’ section and click on the ‘Advanced’ toggle.

Advanced Toggle

Several new fields will appear:

Advanced Settings

Scroll down to the ‘Forwarded query parameters’ field and add the entityID=<idp-entity> parameter. Multiple parameters can be entered, each separated by a comma (,).
Click ‘Save’.

You will now be able to login directly through the specified IdP.

Up Next:

7. Next Steps