KC & Itsme

Lars Van Casteren

Feb 25, 2021, 4:12:00 PM
to Keycloak User
Hi, 

I'm looking to integrate an external Identity Provider (Itsme) based on the Authorization Code Flow of OpenID Connect 1.0 with KC.

I used Apache & mod_auth_openidc as a Proof-Of-Concept and generated a working mod_auth_openidc config:

OIDCProviderMetadataURL https://e2emerchant.itsme.be/oidc/.well-known/openid-configuration
OIDCClientID <redacted>
OIDCRedirectURI https://<redacted>/protected/callback
OIDCScope "openid service:<redacted> profile email phone address"
OIDCClientJwksUri https://belgianmobileid.github.io/slate/private_jwks.json
OIDCPublicKeyFiles "e1#conf.d/your_public_e1.key" "s1#conf.d/your_public_s1.key"
OIDCPrivateKeyFiles "s1#conf.d/your_private_s1.key" "e1#conf.d/your_private_e1.key"

However, the received userinfo response from the idp is an encrypted JWT. 
This required these additional OIDC parameters: 

OIDCUserInfoSignedResponseAlg RS256
OIDCUserInfoEncryptedResponseAlg RSA-OAEP


Is it possible to configure this Identity Provider in KC using the master console or another way?

Thanks!
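
An added example, not part of the original post or of Keycloak or mod_auth_openidc: a small Python check that reports whether a UserInfo response body is plain JSON, a signed JWT (JWS), or an encrypted JWT (JWE) by reading only the unencrypted protected header, which shows why settings such as `OIDCUserInfoSignedResponseAlg RS256` and `OIDCUserInfoEncryptedResponseAlg RSA-OAEP` are needed. The function names, the sample tokens, the `enc` value `A128CBC-HS256` and the `kid` values are assumptions constructed for illustration; no key material is involved and nothing is decrypted.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url segment (padding restored) as a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_userinfo(content_type, body):
    """Describe how a UserInfo response body is protected."""
    media = content_type.split(";")[0].strip().lower()
    if media == "application/json":
        return {"kind": "json"}
    parts = body.strip().split(".")
    if len(parts) not in (3, 5):
        raise ValueError("not a compact JWS or JWE")
    header = _b64url_json(parts[0])
    if len(parts) == 3:
        # Compact JWS: header.payload.signature
        return {"kind": "jws", "alg": header.get("alg")}
    # Compact JWE: header.encrypted_key.iv.ciphertext.tag
    return {
        "kind": "jwe",
        "alg": header.get("alg"),  # key management algorithm, e.g. RSA-OAEP
        "enc": header.get("enc"),  # content encryption algorithm
        # cty "JWT" marks a nested token: the plaintext is itself a signed JWT
        "nested": str(header.get("cty", "")).upper() == "JWT",
    }


def _seg(obj):
    """Helper for the constructed samples: base64url without padding."""
    raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed samples (dummy bytes, not real ciphertext or signatures).
SAMPLE_JWE = ".".join([
    _seg({"alg": "RSA-OAEP", "enc": "A128CBC-HS256", "cty": "JWT", "kid": "e1"}),
    _seg(b"wrapped-key"), _seg(b"iv"), _seg(b"ciphertext"), _seg(b"tag"),
])
SAMPLE_JWS = ".".join([
    _seg({"alg": "RS256", "kid": "s1"}), _seg({"sub": "constructed"}), _seg(b"sig"),
])

if __name__ == "__main__":
    for body in (SAMPLE_JWE, SAMPLE_JWS):
        print(classify_userinfo("application/jwt", body))
```

A `jwe` result with `nested` set means the relying party must first decrypt with its private encryption key and then verify the inner signature against the provider's keys.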


 

Lars Van Casteren

Nov 18, 2022, 10:47:01 AM
to Keycloak User
In case someone else comes across this unanswered post. 