We have configured Keycloak as Identity Broker to external SAML2 based Identity Provider. For most of the users, we are able to sign in without any issues, but for some, we are facing issues at Keycloak end saying "Unexpected error when handling authentication request to identity provider". As all the users are from the same organization, the SAML assertions are identical, and we can't find any error in logs. Keycloak version in question is 4.3.0.Final. Has anyone faced a similar issue? Please help. TIA

2

1 Answer

Fix or disable faulty User Federation providers.

We had an improperly configured LDAP provider under User Federation which was also set to be the highest priority provider, so when a user logged in, Keycloak checked LDAP first which always failed and returned Unexpected error when handling authentication request to identity provider.

When the LDAP entry was disabled, Keycloak passed control on to the next provider which was able to authenticate the user successfully.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy