Univention Bugzilla – Bug 56884
support realm alias
Last modified: 2023-12-20 17:04:32 CET
From the GitLab issue:

As o365 I need multiple Identity Providers if I want to sync users to multiple "Azure Domains".

Currently, Keycloak has a fixed EntityID in its XML file the Azure Cloud accesses during connection setup. Azure does not allow the same EntityID being used twice. But we want to support syncing to multiple Azure domains with the Microsoft 365 Connector.
An option has been added to univention-keycloak to create a "proxy realm" that can be used and referenced in the Azure SAML settings. It redirects all authentication to the default UCS realm, but contains all necessary mappers that make the authentication to Azure work. Additionally, it creates the proxy-realm client in the UCS client. This means that the new realms don't need to be kept in "sync" with the original UCS realm, since all authentication is handled by the UCS realm directly.

Successful build
Package: univention-keycloak
Version: 1.0.10-3
Branch: ucs_5.0-0
Scope: errata5.0-6

2f319f5c8c Bug #56884: added proxy realm commands
OK: Configuration of additional Azure AD connection with the Microsoft 365 Connector works
OK: Keycloak tests
OK: Advisory

Verified
<https://errata.software-univention.de/#/?erratum=5.0x901>