Establishing Federated Trust between Keycloak and Azure AD for Pipeline Deployments with Multiple Users

Kaushik Ray 0 Reputation points
2025-02-08T15:21:35.11+00:00

Scenario:

I have a Jenkins pipeline where users authenticate with Keycloak. I want to leverage this authentication to allow users to deploy resources in Azure using a service principal.

  1. Keycloak Authentication: Users authenticate with Keycloak, and the pipeline obtains a valid access token.
  2. Azure AD Integration: I have configured an app registration in Azure AD and a federated secret with issuer, subject, and audience to establish trust with Keycloak. This works for a single user or a couple of users whose subjects I add to the federated secrets.
  3. Service Principal Assumption: Upon successful authentication with Keycloak, the pipeline should assume the role of the service principal associated with the app registration.

Challenge:

  • Multiple Users: Since each Keycloak user has a unique subject in the access token, how can I configure the federated secret in Azure AD to accommodate all users within my team (100+ members)?
  • How do I set up the app registration and federated secrets for all users (dynamically)?
  • Is this the suggested use case for federated identity in such cases?
Microsoft Entra ID
