Keycloak configured with Azure as IDP and MSAL on Android

Geir Eilertsen 0 Reputation points
2024-02-13T10:42:17.0333333+00:00

I'm currently developing an Android application and I'm trying to introduce MSAL with my current Keycloak / Azure authentication flow. However, my backend is set up to validate by Keycloak tokens and I need to maintain this setup.

Here's the flow I'm trying to achieve:

  • Authenticate users with Keycloak + Azure AD using MSAL.
  • After successful Azure AD authentication, redirect to Keycloak.
  • Keycloak redirect to APP.

I'm looking for guidance on how to implement this flow. Specifically, I'm not sure how to configure Keycloak as IDP from MSAL / Authenticator. If this is not possible, are there any workarounds or alternative approaches to achieve this?

Sequence diagram of current flow: [image: Screenshot 2024-02-13 at 09.23.53]

Sequence diagram of wanted flow: [image: Screenshot 2024-02-13 at 09.25.44]

I have tried to configure MSAL to use Keycloak but couldn't find any way to do that. I have also looked into B2C, which should support other authentication mechanisms, but it seemed to be impossible in MSAL for Android, though it was present in MSAL.js. The authentication flow with Keycloak and Azure configured as an identity provider is working perfectly, but I just need to add MSAL into the picture to achieve SSO. As Keycloak will redirect to Azure at login, we should be able to reuse the same Azure session if it has already been established by another app/browser on the Android phone. Any help would be greatly appreciated.
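As an added illustration (not part of the question, and not an MSAL API), here is the standard authorization-code-with-PKCE request an app can send to Keycloak so that Keycloak forwards the user straight to its Azure AD broker and then redirects back to the app, together with the checks the app should apply to that redirect; the realm, client id, redirect URI and broker alias are assumed values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Assumed values for illustration; none of these come from the question.
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "myrealm"
CLIENT_ID = "android-app"
REDIRECT_URI = "com.example.app://oauth2redirect"  # the app's registered custom-scheme redirect
IDP_ALIAS = "azure"  # alias of the Azure AD identity provider configured in the Keycloak realm
AUTH_ENDPOINT = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"

def pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorize_url(state: str, code_challenge: str) -> str:
    """Authorization request to Keycloak. kc_idp_hint makes Keycloak skip its own login
    form and redirect straight to the named broker (Azure AD), so a session already
    established in the system browser can be reused; Keycloak still issues the tokens."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "kc_idp_hint": IDP_ALIAS,
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"

def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate Keycloak's redirect back to the app and return the authorization code."""
    target, _, query_string = callback_url.partition("?")
    if target != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect URI")
    query = parse_qs(query_string)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if not hmac.compare_digest(query.get("state", [""])[0], expected_state):  # constant-time
        raise ValueError("state mismatch (possible CSRF or mix-up)")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

The code returned by parse_callback is then exchanged at the realm's token endpoint together with the code_verifier, and the resulting Keycloak-issued tokens are what the backend continues to validate.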
