microsoft
parent
cb0e31375a
commit
f32186a5c2
7 changed files with 29 additions and 36 deletions
BIN
images/microsoft-app-register.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 245 KiB |
BIN
images/microsoft-app-settings.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 300 KiB |
BIN
keycloak-images/micrososft-add-identity-provider.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 320 KiB |
BIN
rhsso-images/microsoft-add-identity-provider.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 308 KiB |
|
@ -14,6 +14,10 @@ copy this URI to your clipboard.
|
|||
To enable login with Github you first have to register an application project in the and a client in
|
||||
https://github.com/settings/applications[GitHub Application Settings]. Select the `Developer applications` tab.
|
||||
|
||||
NOTE: Github often changes the look and feel of application registration, so these directions might not always be up to date and the
|
||||
configuration steps might be slightly different.
|
||||
|
||||
|
||||
.Add a New App
|
||||
image:../../../images/github-developer-applications.png[]
|
||||
|
||||
|
|
|
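Review bot: The NOTE in this hunk spells the provider "Github", while the link text just above it uses "GitHub Application Settings"; use "GitHub" consistently. The opening sentence of the same paragraph reads "register an application project in the and a client in", which is missing words. Since the change already touches this paragraph, it is worth rewording that sentence so it names a single step, for example registering an application in GitHub Application Settings.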
@ -13,6 +13,10 @@ copy this URI to your clipboard.
|
|||
|
||||
To enable login with LinkedIn you first have to create an application in https://www.linkedin.com/secure/developer[LinkedIn Developer Network].
|
||||
|
||||
NOTE: LinkedIn often changes the look and feel of application registration, so these directions might not always be up to date and the
|
||||
configuration steps might be slightly different.
|
||||
|
||||
|
||||
.Developer Network
|
||||
image:../../../images/linked-in-developer-network.png[]
|
||||
|
||||
|
|
|
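Review bot: The NOTE in this hunk is the same two lines as the GitHub and Microsoft notes in this commit with only the provider name swapped, so the text will drift if one copy is edited later. Consider keeping it in one shared snippet (an AsciiDoc include or attribute) parameterised on the provider name. The sentence also says the same thing twice ("might not always be up to date" and "might be slightly different") and could be shortened to one clause.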
@ -1,49 +1,34 @@
|
|||
|
||||
==== Microsoft
|
||||
|
||||
To enable login with Microsoft account you first have to register an OAuth application on https://account.live.com/developers/applications/index[Microsoft account Developer Center].
|
||||
Then you need to copy the client id and secret into the Keycloak Admin Console.
|
||||
There are a number of steps you have to complete to be able to login to Microsoft. First, go to the `Identity Providers` left menu item
|
||||
and selected `Microsoft` from the `Add provider` drop down list. This will bring you to the `Add identity provider` page.
|
||||
|
||||
Let's see first how to create an application with Microsoft.
|
||||
.Add Identity Provider
|
||||
image:../../../{{book.images}}/microsoft-add-identity-provider.png[]
|
||||
|
||||
. Go to https://account.live.com/developers/applications/create[create new application on Microsoft account Developer Center] url and login here.
|
||||
Use any value for `Application Name`, `Application Logo` and `URLs` you want.
|
||||
In `API Settings` set `Target Domain` to the domain where your Keycloak instance runs.
|
||||
. Copy `Client Id` and `Client Secret` from `App Settings` page.
|
||||
You can't click save yet, as you'll need to obtain a `Client ID` and `Client Secret` from Microsoft. One piece of data you'll need from this
|
||||
page is the `Redirect URI`. You'll have to provide that to Microsoft when you register {{book.project.name}} as a client there, so
|
||||
copy this URI to your clipboard.
|
||||
|
||||
Now that you have the client id and secret you can proceed with the creation of a Microsoft Identity Provider in Keycloak.
|
||||
As follows:
|
||||
To enable login with Microsoft account you first have to register an OAuth application at Microsoft.
|
||||
Go to the https://account.live.com/developers/applications/create[Microsoft Application Registration] url.
|
||||
|
||||
. Select the `Microsoft` identity provider from the drop-down box on the top right corner of the identity providers table in Keycloak's Admin Console.
|
||||
You should be presented with a specific page to configure the selected provided.
|
||||
. Copy the client id and client secret to their corresponding fields in the Keycloak Admin Console.
|
||||
Click `Save`.
|
||||
NOTE: Microsoft often changes the look and feel of application registration, so these directions might not always be up to date and the
|
||||
configuration steps might be slightly different.
|
||||
|
||||
Once you create the identity provider in Keycloak, you must update your Microsoft application with the redirect url that was generated to your identity provider.
|
||||
.Register Application
|
||||
image:../../../images/microsoft-app-register.png[]
|
||||
|
||||
. Open the Microsoft account Developer Center and select `API Settings` of your application.
|
||||
In `Redirect URLs` insert the redirect uri created by Keycloak.
|
||||
The redirect uri usually have the following format: `http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint`.
|
||||
Enter in the application name and click `Create application`. This will bring you to the application settings page of your
|
||||
new application.
|
||||
|
||||
NOTE: You can always get the redirect url for a specific identity provider from the table presented when you click on the 'Identity Provider' tab in _Realm > Settings_.
|
||||
.Settings
|
||||
image:../../../images/microsoft-app-settings.png[]
|
||||
|
||||
That is it! This pretty much what you need to do in order to setup this identity provider.
|
||||
You'll have to copy the `Redirect URI` from the {{book.project.name}} `Add Identity Provider` page and add it to the
|
||||
`Redirect URIs` field on the Microsoft application page. Be sure to click the `Add Url` button and `Save` your changes.
|
||||
|
||||
The table below lists some additional configuration options you may use when configuring this provider.
|
||||
Finally, you will need to obtain the Application ID and secret from this page so you can enter them back on the {{book.project.name}} `Add identity provider` page.
|
||||
Go back to {{book.project.name}} and specify those items.
|
||||
|
||||
.Configuration Options
|
||||
[cols="1,1", options="header"]
|
||||
|===
|
||||
|
|
||||
Configuration
|
||||
|
||||
|
|
||||
Description
|
||||
|
||||
|
|
||||
Default Scopes
|
||||
|
||||
|
|
||||
Allows you to manually specify the scopes that users must authorize when authenticating with this provider. For a complete list of scopes, please take a look at https://msdn.microsoft.com/en-us/library/hh243646.aspx. By default, Keycloak uses the following scopes: wl.basic,wl.emails
|
||||
|
||||
|===
|
||||
|
|
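Review bot: The `image:` line under `.Add Identity Provider` references `{{book.images}}/microsoft-add-identity-provider.png`, but the file added under `keycloak-images/` in this commit is named `micrososft-add-identity-provider.png` (extra "s"), while the `rhsso-images/` copy is spelled correctly. If `{{book.images}}` resolves to `keycloak-images` for the Keycloak build, that image will not render; rename the file to match. Two wording points in the same hunk: "and selected `Microsoft` from the `Add provider` drop down list" should read "select", and the text asks for a `Client ID` and `Client Secret` in one paragraph but an "Application ID and secret" in the last one. Pick one pair of terms, or state that Microsoft's "Application ID" is the value to enter as the client ID, so readers do not go looking for two different values.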