How to get Keycloak identity broker to display claims in ID token from Entra ID / Azure identity Provider


I'm trying to retrieve some claims (roles, groups, upn) from an ID token using Keycloak as an identity provider for an OIDC app configured on Entra ID.

Using Postman, I can retrieve the ID token directly from Entra ID and the claims are there. So it's just a question of configuring Keycloak to correctly map the claims.

I've tried following this SO link, but with no luck. I've tried both the mapping described and even adding a upn client scope. Ideally, I'm trying to get the roles.

Can someone provide some insight on how to do this?

Fabio Formosa

Regarding the upn field, as written here, the profile scope is required.
Open the advanced settings in the Keycloak "Identity provider" section and make sure you've added openid profile to the list of scopes. By default it's empty, which means only openid.
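An added example (not from the question or the answer above) that turns the answer's advice into something you can check against an identity-provider representation fetched from the Keycloak Admin REST API (`GET /admin/realms/{realm}/identity-provider/instances/{alias}`) and against an ID token you obtained from Entra ID via Postman. It assumes the Keycloak config key `defaultScope`, which backs the "Scopes" field in the identity provider's advanced settings, and treats an empty value as `openid` only, as the answer states. The sample representation and sample token are constructed for the demo; the token decoder deliberately does not verify the signature and is only for seeing which claims a provider returned.

```python
"""Check why claims such as upn, roles or groups are missing when Keycloak
brokers to Entra ID: (1) is the IdP requesting the profile scope, and
(2) which of the wanted claims does the upstream ID token actually carry?"""
import base64
import json

# Scopes Keycloak must request from Entra ID for the upn claim (per the answer).
REQUIRED_SCOPES = ("openid", "profile")


def configured_scopes(idp_representation: dict) -> list:
    """Scopes the Keycloak identity provider will send in its authorization request.
    'defaultScope' is the config key behind the admin-console 'Scopes' field;
    an empty field means Keycloak sends only 'openid'."""
    raw = idp_representation.get("config", {}).get("defaultScope", "")
    return raw.split() or ["openid"]


def missing_scopes(idp_representation: dict) -> list:
    """Return the required scopes that the IdP representation does not request."""
    present = configured_scopes(idp_representation)
    return [s for s in REQUIRED_SCOPES if s not in present]


def with_profile_scope(idp_representation: dict) -> dict:
    """Return a copy of the representation with 'openid profile' requested.
    The result can be sent back with PUT to the same admin endpoint."""
    fixed = json.loads(json.dumps(idp_representation))  # deep copy
    scopes = configured_scopes(fixed)
    for s in REQUIRED_SCOPES:
        if s not in scopes:
            scopes.append(s)
    fixed.setdefault("config", {})["defaultScope"] = " ".join(scopes)
    return fixed


def id_token_claims(id_token: str) -> dict:
    """Decode a JWT payload WITHOUT signature verification (inspection only,
    never for an authorization decision)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def absent_claims(id_token: str, wanted=("upn", "roles", "groups")) -> list:
    """Which of the wanted claims are not present in the token at all. A claim
    missing here cannot be mapped by any Keycloak mapper; fix the scope or the
    app registration's token configuration first."""
    claims = id_token_claims(id_token)
    return [c for c in wanted if c not in claims]


# --- constructed sample data (not real Keycloak or Entra ID output) ---
SAMPLE_IDP = {
    "alias": "entra-id",
    "providerId": "oidc",
    "config": {"clientId": "placeholder-client-id", "defaultScope": ""},
}


def _constructed_jwt(payload: dict) -> str:
    """Build an unsigned demo token in compact form; the signature is a dummy."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.dummysig"


SAMPLE_ID_TOKEN = _constructed_jwt(
    {"sub": "placeholder-sub", "upn": "alice@example.com", "roles": ["Reader"]}
)

if __name__ == "__main__":
    print("IdP missing scopes:", missing_scopes(SAMPLE_IDP))
    print("fixed defaultScope:", with_profile_scope(SAMPLE_IDP)["config"]["defaultScope"])
    print("claims absent from token:", absent_claims(SAMPLE_ID_TOKEN))
```

Run the first two checks against the representation you fetch from your own realm; if `missing_scopes` is non-empty, the mappers you add will have nothing to map regardless of how they are configured. The third check tells you whether a claim (for example `groups`) was never issued by Entra ID at all, which is a problem on the app-registration side rather than in Keycloak.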