In my application setup I am using Keycloak as an identity broker for my application, whose users are authenticated through Azure AD. Now, once a user is authenticated, I need to authenticate/validate the user again in Keystone so that the user gets a token from Keystone for OpenStack VM creation.
Now, here is my query: when a user logs into my application, the user is redirected to login.microsoft.com and gets a token (using the OAuth2 flow). Now the same user who got the token from Azure AD needs to be authenticated in Keystone (assume the user already exists in Keystone). As per the OpenStack Keystone documentation, Keystone auth accepts a user and password for issuing tokens, but all I have is the Azure AD issued token (not the user's password). Can you please suggest how I can make use of the Azure AD issued token to get authentication done at OpenStack Keystone?
What I have tried so far:
- Set up the Keycloak IdP with Azure AD and created an OIDC client for Azure AD auth.
- The user is created in Keycloak and a token is received.
- Now, how to send a silent call to Keystone for further authentication of the user who just got the token from Azure AD?
Kindly provide me with your inputs.