Bug 56884 - support realm alias
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Keycloak
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-6-errata
Assigned To: Felix Botner
QA Contact: Julia Bremer
URL: https://git.knut.univention.de/univen...

Reported: 2023-11-29 21:07 CET by Felix Botner
Modified: 2023-12-20 17:04 CET
What kind of report is it?: Development Internal
Description Felix Botner univentionstaff 2023-11-29 21:07:22 CET

    
Comment 1 Arvid Requate univentionstaff 2023-12-01 14:41:06 CET
From the Gitlab issue:

As o365 I need multiple Identity Providers if I want to sync users to multiple "Azure Domains"

Currently, Keycloak has a fixed EntityID in its XML file the Azure Cloud accesses during connection setup. Azure does not allow the same EntityID being used twice. But we want to support syncing to multiple Azure domains with the Microsoft 365 Connector.
Comment 2 Julia Bremer univentionstaff 2023-12-19 10:58:43 CET
An option has been added to univention-keycloak to create a "proxy realm" that can be used and referenced in the Azure SAML settings.

It redirects all authentication to the default UCS realm, but contains all necessary mappers that make the authentication to Azure work.
Additionally, it creates the proxy-realm client in the UCS client.

This means that the new realms don't need to be kept in "sync" with the original UCS realm, since all authentication is handled by the UCS realm directly.


Successful build
Package: univention-keycloak
Version: 1.0.10-3
Branch: ucs_5.0-0
Scope: errata5.0-6

2f319f5c8c Bug #56884: added proxy realm commands
Comment 3 Julia Bremer univentionstaff 2023-12-20 09:06:18 CET
OK: Configuration of additional Azure AD connection with the Microsoft 365 Connector works
OK: Keycloak tests
OK: Advisory

Verified