AWS — User federation using Keycloak & OpenId
8 min read · Jun 5, 2020
Previously, I shared an article on federating users into AWS using the SAML IdP flow.
This article focuses on federating users into AWS using OpenID Connect.
This solution is a little more complex than the previous one, because it requires a broker between Keycloak and AWS. The AWS console has no OpenID Connect sign-in endpoint of its own: something has to take the ID token issued by Keycloak, exchange it for temporary credentials with STS AssumeRoleWithWebIdentity, and turn those credentials into a console sign-in URL through the AWS federation endpoint. That "something" is the broker.
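To make the broker's job concrete, here is an added example of the two AWS-side exchanges it performs. It is written in stdlib-only Python so the wire format is visible, and it is not the Spring Boot broker built in this article. The issuer URL, client ID, role ARN, the sample ID token and the STS response are all constructed placeholders, not values from the original.

```python
"""Core of an OIDC-to-AWS broker, reduced to the two AWS-side exchanges:
1. Keycloak ID token -> temporary credentials (STS AssumeRoleWithWebIdentity)
2. temporary credentials -> console sign-in URL (AWS federation endpoint)
Network I/O is isolated in fetch(); everything else is pure and testable offline."""
import base64
import json
import time
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

STS_ENDPOINT = "https://sts.amazonaws.com/"
FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
STS_NS = "{https://sts.amazonaws.com/doc/2011-06-15/}"

# Assumed values for the walkthrough (not taken from the article).
SAMPLE_ISSUER = "https://keycloak.example.com/auth/realms/demo"
SAMPLE_CLIENT_ID = "aws-console"   # must equal the audience registered on the IAM OIDC provider
SAMPLE_ROLE_ARN = "arn:aws:iam::123456789012:role/KeycloakFederatedRole"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_constructed_token(claims: dict) -> str:
    """Build an UNSIGNED JWT shaped like a Keycloak ID token, for offline tests only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


SAMPLE_ID_TOKEN = make_constructed_token({
    "iss": SAMPLE_ISSUER, "aud": SAMPLE_CLIENT_ID, "sub": "f7c1c2e4-user",
    "exp": 2_000_000_000, "preferred_username": "alice",
})

# Constructed STS response in the real XML shape; the credential values are placeholders.
SAMPLE_STS_XML = f"""<AssumeRoleWithWebIdentityResponse xmlns="{STS_NS[1:-1]}">
  <AssumeRoleWithWebIdentityResult>
    <Credentials>
      <AccessKeyId>ASIAEXAMPLEKEY</AccessKeyId>
      <SecretAccessKey>examplesecret</SecretAccessKey>
      <SessionToken>exampletoken</SessionToken>
      <Expiration>2020-06-05T13:00:00Z</Expiration>
    </Credentials>
  </AssumeRoleWithWebIdentityResult>
</AssumeRoleWithWebIdentityResponse>"""


def decode_jwt_claims(token: str) -> dict:
    """Claims only, NO signature check: the broker's OIDC client library must already
    have verified the token against Keycloak's JWKS, and STS verifies it again itself."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def precheck_id_token(token: str, issuer: str, client_id: str, now=None) -> dict:
    """Reject locally what STS would reject anyway: wrong iss, wrong aud, expired token."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if client_id not in aud:
        raise ValueError("audience does not match the client id registered in IAM")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID token expired")
    return claims


def build_sts_query(role_arn: str, session_name: str, id_token: str, duration=3600) -> str:
    """AssumeRoleWithWebIdentity is an unsigned call: the ID token itself is the credential."""
    return urllib.parse.urlencode({
        "Action": "AssumeRoleWithWebIdentity", "Version": "2011-06-15",
        "RoleArn": role_arn, "RoleSessionName": session_name,
        "WebIdentityToken": id_token, "DurationSeconds": str(duration),
    })


def parse_sts_response(xml_text: str) -> dict:
    creds = ET.fromstring(xml_text).find(f".//{STS_NS}Credentials")
    if creds is None:
        raise RuntimeError("no Credentials in STS response")
    return {tag: creds.findtext(STS_NS + tag)
            for tag in ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")}


def build_getsignin_url(creds: dict) -> str:
    """Console federation step 1: trade the temporary credentials for a SigninToken."""
    session = json.dumps({"sessionId": creds["AccessKeyId"],
                          "sessionKey": creds["SecretAccessKey"],
                          "sessionToken": creds["SessionToken"]})
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(
        {"Action": "getSigninToken", "Session": session})


def build_login_url(signin_token: str, issuer: str, destination: str) -> str:
    """Console federation step 2: the URL the broker redirects the browser to."""
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(
        {"Action": "login", "Issuer": issuer, "Destination": destination,
         "SigninToken": signin_token})


def fetch(url: str, body=None) -> str:
    with urllib.request.urlopen(url, data=body, timeout=10) as resp:
        return resp.read().decode()


def console_url_for(id_token, role_arn, issuer, client_id,
                    destination="https://console.aws.amazon.com/"):
    """Full broker flow; needs network access and a real, signed ID token."""
    claims = precheck_id_token(id_token, issuer, client_id)
    session_name = claims.get("preferred_username", claims["sub"])[:64]
    creds = parse_sts_response(fetch(STS_ENDPOINT, build_sts_query(
        role_arn, session_name, id_token).encode()))
    signin_token = json.loads(fetch(build_getsignin_url(creds)))["SigninToken"]
    return build_login_url(signin_token, issuer, destination)
```

The `aud` check is the one that matters operationally: the IAM role's trust policy normally conditions on the provider's `aud` claim, so a token minted for a different Keycloak client is refused by STS, and refusing it in the broker first keeps that failure out of your STS logs. The pre-check never replaces signature verification; it only filters tokens that a verified OIDC login could still hand you with the wrong audience or past their expiry.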
Prerequisites
- You should have a real need to federate users between an identity provider and AWS using OpenID Connect.
- Some knowledge of AWS, AWS IAM, OpenID Connect, identity and access management in general, Keycloak, etc.
- Keycloak version 10 or later, already running separately. I used a patched Keycloak 10 while doing all this, and could not wait for the 11.0.0 release, as version 10.0.1 had an important blocker issue.
- Basic knowledge of Java (and Spring Boot), which is needed for the broker application.
Scope
- Configuration of the OpenID Connect identity provider on the AWS side.
- Role management on the AWS IAM side.
- Configuration setup on the Keycloak side.
- And mapping of users/groups/…