EFS SSO Guide With Non Keycloak IDPs

This tutorial explains how to enable SSO with EFS Keycloak and a non-keycloak based identity provider in a base platform.

Set up a trusted client in EFS

Create a trusted client in the EFPF Keycloak (EFS) and set its redirect URL to the base platform IDP.

Figure 1: Create a new Client in EFS

Obtain an active login session from EFS

Log in to EFS so that your user has an active login session; the subsequent steps require it.

Log in to the EFS portal here: https://efpf-security-portal.salzburgresearch.at/auth/

Obtain an authorization code for the user

Redirect the user to the following URL, replacing your_client_id, your_redirect_uri and the nonce value with your own values.

https://efpf-security-portal.salzburgresearch.at/auth/realms/master/protocol/openid-connect/auth?client_id=your_client_id&redirect_uri=your_redirect_uri&response_type=code&scope=openid&nonce=ccd9

If the user is already logged in to EFPF, EFS redirects the browser to the given redirect_uri with an authorization code appended as the code query parameter. Extract the code value from that URL.

Obtain an ID Token with the Authorization Code Grant Type

Use the code value from the step above and make a REST call to obtain an ID token.

curl --request POST \
  --url 'https://efpf-security-portal.salzburgresearch.at/auth/realms/master/protocol/openid-connect/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data client_id=your_client_id \
  --data client_secret=your_client_secret \
  --data code=3d376c8a-975f-4afc-8959-6c77d3bd612d.5b1d9ab6-22a5-424eb8cb-458420fe690f \
  --data-urlencode redirect_uri=your_redirect_url

Decode the ID Token to obtain the user details

Decode the ID token (or access token) to get the details of the logged-in user. The token is a JSON Web Token (JWT), which can be decoded in any programming language.

e.g. https://stackoverflow.com/questions/38340078/how-to-decode-jwt-token

Create the User in the base platform

Create the user in the base platform from the decoded details and log the user in automatically (SSO).
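The flow from the authorization URL to the decoded ID token, as an added Python example that is not part of this guide: it builds the step 3 URL, performs the same token request as the curl call above, and decodes the ID token while checking issuer, audience, nonce and expiry before the claims are trusted. Assumptions: client id, redirect URI and nonce are placeholders; sample_id_token only builds a constructed, unsigned sample for offline testing; verifying the RS256 signature against the realm's JWKS is left to a JOSE library.

```python
import base64, json, time, urllib.parse, urllib.request

ISSUER = "https://efpf-security-portal.salzburgresearch.at/auth/realms/master"
OIDC = ISSUER + "/protocol/openid-connect"

def build_auth_url(client_id, redirect_uri, nonce):
    """Step 3: the URL the browser is redirected to (values URL-encoded)."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": "openid", "nonce": nonce}
    return OIDC + "/auth?" + urllib.parse.urlencode(params)

def exchange_code(client_id, client_secret, code, redirect_uri):
    """Step 4: the same POST as the curl call; returns the token JSON (needs network)."""
    body = urllib.parse.urlencode({"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}).encode()
    req = urllib.request.Request(OIDC + "/token", data=body,
            headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def b64url(data):  # JWT base64url encoding, no padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def decode_id_token(id_token, client_id, nonce, now=None):
    """Step 5: decode the JWT payload and check its claims before trusting them.
    Assumption: the RS256 signature is verified separately against the realm's JWKS."""
    header_b64, payload_b64, _signature = id_token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    if header.get("alg") not in ("RS256", "ES256"):
        raise ValueError("unexpected signing algorithm: %r" % header.get("alg"))
    if claims.get("iss") != ISSUER:
        raise ValueError("token not issued by EFS")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce does not match the one sent in step 3")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    return claims

def sample_id_token(claims, alg="RS256"):
    """Constructed sample token for offline testing only; the signature part is a placeholder."""
    header = {"alg": alg, "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()), "placeholder-signature"])
```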
