I am trying to enable SSO using Keycloak as the identity broker and Microsoft AD as the identity provider (where Keycloak will delegate the client's authentication request to AD) in a Django Python project.
Tech stack of the application: frontend - React, backend - Django (Python).
For this I am using the python-keycloak library in Django to communicate with Keycloak. What I am able to achieve is: set up a connection with Keycloak and get an access_token and refresh_token when a username and password are provided, like this:
    from keycloak import KeycloakOpenID

    # Create Keycloak instance
    self.keycloak = KeycloakOpenID(server_url=self.server_url,
                                   client_id=self.client_id,
                                   realm_name=self.realm,
                                   client_secret_key=self.client_secret_key)
    # Get the well-known (OIDC discovery) configuration
    self.config_well_know = self.keycloak.well_know()
    # Get a token using the password grant (username and password)
    self.token = self.keycloak.token("user", "pwd")
    # Get userinfo with the access token
    self.userInfo = self.keycloak.userinfo(self.token['access_token'])
    # userinfo returned ok
But here I am providing a username and password, which I should not, as I want to enable SSO with Microsoft AD (note: the Keycloak realm is configured to use Microsoft AD as the default IdP), and only the username should be sufficient to enable SSO with Microsoft. But it gives an error when passing only the username.
Question: How do I authenticate a user from Microsoft AD using the Keycloak broker, and what should the syntax be?
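
Added example, not part of the original post: the password grant used above sends credentials straight to Keycloak, whereas a brokered login to an upstream IdP runs in the browser through the OpenID Connect authorization code flow. The sketch below builds the redirect URL and validates the callback using only the standard library; the function names, the `microsoft-ad` IdP alias and all URLs are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


def build_login_redirect(server_url, realm, client_id, redirect_uri,
                         idp_alias=None, username=None):
    """Return (url, state) for the browser redirect that starts the login."""
    state = secrets.token_urlsafe(32)  # keep server-side, e.g. in the Django session
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": "openid", "state": state}
    if idp_alias:
        params["kc_idp_hint"] = idp_alias  # Keycloak: go straight to this brokered IdP
    if username:
        params["login_hint"] = username    # OIDC: username hint only, never a password
    base = f"{server_url.rstrip('/')}/realms/{realm}/protocol/openid-connect"
    return f"{base}/auth?{urlencode(params)}", state


def token_request_from_callback(callback_url, expected_state, client_id,
                                client_secret, redirect_uri):
    """Validate the callback URL and return the form body for the /token endpoint."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"login failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response was not
    # triggered by this session (login CSRF) and must be rejected.
    if not expected_state or not hmac.compare_digest(state.encode(),
                                                     expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri,  # must equal the value sent to /auth
            "client_id": client_id, "client_secret": client_secret}


if __name__ == "__main__":
    # Constructed sample values.
    url, _ = build_login_redirect("https://sso.example.test", "demo", "django-app",
                                  "https://app.example.test/callback",
                                  idp_alias="microsoft-ad", username="alice")
    print(url)
```

The returned dictionary is POSTed from the Django backend to the realm's `/protocol/openid-connect/token` endpoint; recent python-keycloak releases accept the same values through `token(grant_type="authorization_code", code=..., redirect_uri=...)`.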