Navin M

Reputation: 186

Keycloak "Unexpected error when handling authentication request to identity provider"

We have configured Keycloak as an Identity Broker to an external SAML2-based Identity Provider. For most of the users, we are able to sign in without any issues, but for some, we are facing issues at the Keycloak end saying "Unexpected error when handling authentication request to identity provider". As all the users are from the same organization, the SAML assertions are identical, and we can't find any error in the logs. The Keycloak version in question is 4.3.0.Final. Has anyone faced a similar issue? Please help. TIA

Upvotes: 9

Views: 33453

Answers (1)

Grant Foster

Reputation: 758

Fix or disable faulty User Federation providers.

We had an improperly configured LDAP provider under User Federation which was also set to be the highest-priority provider, so when a user logged in, Keycloak checked LDAP first, which always failed and returned "Unexpected error when handling authentication request to identity provider".

When the LDAP entry was disabled, Keycloak passed control on to the next provider which was able to authenticate the user successfully.

Upvotes: 4
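
The lookup order described in the answer above, as an added example that is not part of the original answer or Keycloak's own code: it takes a component list and reports which enabled User Federation provider is consulted first, then shows the order after one provider is disabled. The JSON shape, the provider names, and the rules "lowest priority number first" and "missing `enabled` means enabled" are assumptions; the sample data is constructed.

```python
import json

USER_STORAGE = "org.keycloak.storage.UserStorageProvider"

# Constructed sample (not from the page), shaped like the component list
# returned by GET .../admin/realms/<realm>/components; names are hypothetical.
SAMPLE = json.loads("""[
 {"name": "corp-ldap", "providerId": "ldap",
  "providerType": "org.keycloak.storage.UserStorageProvider",
  "config": {"enabled": ["true"], "priority": ["0"]}},
 {"name": "partner-ldap", "providerId": "ldap",
  "providerType": "org.keycloak.storage.UserStorageProvider",
  "config": {"enabled": ["true"], "priority": ["1"]}},
 {"name": "old-ldap", "providerId": "ldap",
  "providerType": "org.keycloak.storage.UserStorageProvider",
  "config": {"enabled": ["false"], "priority": ["0"]}},
 {"name": "rsa-generated", "providerId": "rsa-generated",
  "providerType": "org.keycloak.keys.KeyProvider",
  "config": {"priority": ["100"]}}
]""")


def _first(config, key, default):
    """Component config values are lists of strings; take the first one."""
    values = config.get(key) or [default]
    return values[0]


def lookup_order(components):
    """Enabled user-storage providers, lowest priority number first."""
    found = []
    for comp in components:
        if comp.get("providerType") != USER_STORAGE:
            continue  # key providers, mappers, etc. are not part of user lookup
        cfg = comp.get("config") or {}
        # Assumption: a missing "enabled" key means enabled, missing priority is 0.
        if _first(cfg, "enabled", "true").lower() != "true":
            continue
        found.append((int(_first(cfg, "priority", "0")), comp["name"]))
    return sorted(found, key=lambda item: item[0])  # stable for equal priorities


def with_provider_disabled(components, name):
    """Copy of the component list with one provider's enabled flag set to false."""
    copy = json.loads(json.dumps(components))
    for comp in copy:
        if comp["name"] == name:
            comp.setdefault("config", {})["enabled"] = ["false"]
    return copy


if __name__ == "__main__":
    print("consulted first:", lookup_order(SAMPLE)[0][1])
    print("after disabling:", lookup_order(with_provider_disabled(SAMPLE, "corp-ldap")))
```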
