Pabak Majumdar

Reputation: 11

Spring Authorization Server Integration in Keycloak For Authorization Code Flow

I have a requirement where Keycloak needs to be set up as a federation with Spring Authorization Server to authorize and authenticate users.

Scenario 1: Using Spring Boot 2.5.4 and Spring Authorization Server 0.2.0 with Keycloak (15.0.2)

  1. Using Postman, make an OAuth 2.0 authorization request, providing the client, authorize, and token endpoints configured in Keycloak.

  2. Client redirected to Keycloak login screen, option to log in via the Spring Authorization Server (acting as the secondary OIDC provider) presented.

  3. Login screen of the Spring Auth Provider. Enter login. Service successfully authenticates, but fails post callback to Keycloak with '999' error code. There seems to be a cached request in the Spring Security lib which points to /error, and the redirection URL is sent as a parameter. Defining successurl in the Security config does not solve the problem.

Scenario 2: Using Spring Boot 3.1.1 and Spring Authorization Server 1.1.0 with Keycloak (15.0.2)

  1. Same test performed using Postman. This time, the login through the secondary OIDC provider in the Keycloak login page throws a 400 error. No changes to any other configuration.

I expect Keycloak to take the access token from Spring Auth Server, consolidate and return it back to Postman.

Can someone please suggest?

Upvotes: 0

Views: 751

Answers (1)

user1593966

Reputation: 23

You can remove Keycloak completely, because Spring Authorization Server also provides federated login. You can check the following commit id. We have been using this version for more than one year, and it is much better and handier compared to Keycloak. This version of Spring Authorization Server uses Spring Boot 3 and JDK 17.

https://github.com/spring-projects/spring-authorization-server/issues/1208

Upvotes: 0
