Configuring Keycloak as a relying party trust

Last Updated : Jun 08, 2026

About this task

Use this procedure to add Keycloak to AD FS as a relying party trust. This is required to allow Keycloak to redirect clients to AD FS for authentication.

Before you begin

Download the descriptor metadata file in XML format from Keycloak using the following URL: https://<AADS FQDN or IP>/auth/realms/SolutionRealm/broker/<SAML IDP name>/endpoint/descriptor.

Procedure

  1. Log in to the AD FS Manager as an administrator.
  2. Navigate to Relying Party Trust.
  3. On the right side of the screen, select Add Relying Party Trust.

    AD FS Manager displays the Add Relying Party Trust wizard.

  4. On the Welcome page of the wizard, select Claims aware and then click Start.
  5. On the Select Data Source page, select Import data about the relying party from a file.
  6. Click Browse and then select the descriptor metadata file in XML format that you downloaded from Keycloak.
  7. Click Next.
  8. On the Specify Display Name page, in Display Name, type a name of your choice for the relying party.
  9. On the Choose Access Control Policy page, select Permit everyone and then click Next.
  10. Click Next again and then click Finish.
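The same procedure can be run unattended with the AD FS PowerShell module on the AD FS server. This is an added example, not part of the original procedure; the host name, SAML IdP alias and display name are placeholders, and it assumes the AD FS module is present (Windows Server 2016 or later) and the AADS TLS certificate is trusted by the server.

```powershell
# Added example: the AD FS wizard steps above, scripted with the ADFS module.
# Placeholders below stand in for <AADS FQDN or IP> and <SAML IDP name>.
$aadsHost     = "aads.example.com"       # placeholder for <AADS FQDN or IP>
$samlIdpName  = "adfs"                   # placeholder for <SAML IDP name>
$displayName  = "Keycloak (AADS)"        # any display name of your choice
$metadataUrl  = "https://$aadsHost/auth/realms/SolutionRealm/broker/$samlIdpName/endpoint/descriptor"
$metadataFile = Join-Path $env:TEMP "keycloak-sp-descriptor.xml"

# Download the Keycloak SP descriptor ("Before you begin"). Invoke-WebRequest
# validates the TLS certificate by default; leave that check enabled.
Invoke-WebRequest -Uri $metadataUrl -OutFile $metadataFile -UseBasicParsing

# Check the file is SAML 2.0 SP metadata before importing it into AD FS:
# it must carry an entityID and an SPSSODescriptor element.
[xml]$md = Get-Content -Path $metadataFile
$entityId = $md.EntityDescriptor.entityID
if (-not $entityId -or -not $md.EntityDescriptor.SPSSODescriptor) {
    throw "Descriptor at $metadataUrl is not SAML 2.0 SP metadata"
}
Write-Host "Importing relying party trust for entityID: $entityId"

# Create the relying party trust from the file with the "Permit everyone"
# access control policy (wizard steps 4 to 9).
Add-AdfsRelyingPartyTrust -Name $displayName `
                          -MetadataFile $metadataFile `
                          -AccessControlPolicyName "Permit everyone"

# Confirm what AD FS recorded: the trust identifier must match the
# entityID read from the descriptor, otherwise the import went wrong.
$rpt = Get-AdfsRelyingPartyTrust -Name $displayName
$rpt | Select-Object Name, Identifier, Enabled, AccessControlPolicyName
if ($rpt.Identifier -notcontains $entityId) {
    throw "Relying party identifier does not match the descriptor entityID"
}
```

Run it in an elevated PowerShell session on the AD FS server; the final check fails loudly if the imported trust does not point at the Keycloak broker endpoint.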