I am trying to use Keycloak for SAML brokering between my web application and the IDP Azure AD.
I have created a few users in Azure AD and added my web app as an Application there. I have configured Keycloak with a SAML IDP and imported the Azure AD federation data into Keycloak.
But somewhere something is wrong, as I did not find any link on the web that gives a step-by-step process to integrate Keycloak with Azure AD.
I get the Microsoft login page and, on entering the password, authentication passes, but then I get the following error before it redirects back to Keycloak:
Sorry, but we’re having trouble signing you in.
AADSTS700016: Application with identifier 'http://localhost:8280/auth/realms/localRealm' was not found in the directory '<>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
I used the below 2 links to do the configuration:
https://ultimatesecurity.pro/post/okta-saml/ This link describes how to configure Keycloak with Okta for SAML
https://docs.pivotal.io/p-identity/1-5/azure/config-azure.html This link describes how to configure Azure AD as a SAML IDP
Edit: It looks like Keycloak is sending the wrong application identifier in SAML (maybe), as this localhost:8280... is the Keycloak realm URL and not the Azure application identifier, which is some string key in Azure -> Applications.
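The AADSTS700016 error quotes the value Azure AD received as the application identifier, which is the Issuer element of the SAML AuthnRequest; Azure AD looks that value up against the Identifier (Entity ID) registered on the enterprise application and fails when nothing matches. The following added diagnostic (not code from the question or from Keycloak) decodes an AuthnRequest as carried in the HTTP-Redirect binding's SAMLRequest parameter and compares its Issuer with the identifier you expect Azure AD to know. The AuthnRequest XML, the tenant ID, the broker alias and the Azure identifier are constructed placeholders.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib
from typing import Tuple

SAML_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed AuthnRequest modelled on what a Keycloak realm sends to a SAML IDP.
# The tenant ID, broker alias "azure-saml" and timestamps are placeholders.
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="ID_placeholder" Version="2.0" IssueInstant="2020-01-01T00:00:00Z"
  Destination="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"
  AssertionConsumerServiceURL="http://localhost:8280/auth/realms/localRealm/broker/azure-saml/endpoint">
  <saml:Issuer>http://localhost:8280/auth/realms/localRealm</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect_binding(xml_text: str) -> str:
    """Encode XML the way the HTTP-Redirect binding does: raw DEFLATE, base64, URL-encode."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    deflated = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return urllib.parse.quote(base64.b64encode(deflated).decode("ascii"), safe="")


def decode_saml_request(param: str) -> str:
    """Reverse the Redirect binding; fall back to plain base64 for the POST binding."""
    raw = base64.b64decode(urllib.parse.unquote(param))
    try:
        return zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error:
        # POST binding carries base64 of the uncompressed XML
        return raw.decode("utf-8")


def extract_issuer(xml_text: str) -> str:
    """Return the Issuer of an AuthnRequest, the value Azure AD matches against its Identifier."""
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", SAML_NS)
    if issuer is None or not issuer.text:
        raise ValueError("AuthnRequest has no Issuer element")
    return issuer.text.strip()


def check_issuer(saml_request_param: str, azure_identifier: str) -> Tuple[bool, str]:
    """Decode a SAMLRequest parameter and report whether its Issuer equals the expected identifier."""
    issuer = extract_issuer(decode_saml_request(saml_request_param))
    return issuer == azure_identifier, issuer


if __name__ == "__main__":
    # Value copied from the SAMLRequest query parameter of the redirect to login.microsoftonline.com
    param = encode_redirect_binding(SAMPLE_AUTHN_REQUEST)
    # Identifier (Entity ID) as registered on the Azure enterprise application (placeholder)
    matches, sent = check_issuer(param, "api://PLACEHOLDER-AZURE-IDENTIFIER")
    print("Keycloak sent Issuer:", sent)
    print("matches Azure Identifier:", matches)
```

To use it against a live flow, capture the SAMLRequest parameter from the redirect Keycloak makes to login.microsoftonline.com (browser developer tools or a SAML tracer) and pass it to check_issuer together with the Identifier shown on the Azure enterprise application. If the two values differ, either register the Issuer that Keycloak sends as an additional Identifier on the Azure side or change the Keycloak identity-provider configuration so that both sides agree on one Entity ID; the error in the question shows exactly this mismatch.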