Reputation: 3374
I am getting this exception when trying to log in from an external IDP using Keycloak.
Failed authentication: org.keycloak.authentication.AuthenticationFlowException: Not found serialized context in clientSession
at org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.authenticate(AbstractIdpAuthenticator.java:66)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:200)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:853)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:722)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:286)
at org.keycloak.services.resources.LoginActionsService.brokerLoginFlow(LoginActionsService.java:753)
at org.keycloak.services.resources.LoginActionsService.postBrokerLoginGet(LoginActionsService.java:687)
at sun.reflect.GeneratedMethodAccessor866.invoke(Unknown Source)
The following page is displayed when the error occurs.
I know for sure that the user credentials are correct. I have also checked the token mappers for the IDP and everything seems correct.
So what could be the issue here?
Upvotes: 1
Views: 3740
Reputation: 11
Go to Realm Settings -> Login (tab). Try to turn off the Email as username parameter.
If it resolves your issue, then you need to create a proper mapper in the Mappers tab in the identity provider configuration. After your new mapper properly passes emails as usernames, you can turn Email as username on.
Upvotes: 0
Reputation: 3374
I finally figured this out. I had the post login flow set to first broker login in my Identity Provider settings. It should be left blank for my Identity Provider.
Upvotes: 2
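A check for the misconfiguration described in the last answer, added here as an example and not part of the original posts: it scans a realm export for identity providers whose post login flow is the same as their first login flow, or reaches `idp-*` authenticators through sub-flows. The sample realm is constructed, the field names follow Keycloak's realm export format, and treating every `idp-` prefixed authenticator as a first-login-only step is an assumption.

```python
# Constructed sample shaped like a Keycloak realm export (not from the original post).
FBL = "first broker login"
SAMPLE_REALM = {
    "identityProviders": [
        {"alias": "corp-saml", "firstBrokerLoginFlowAlias": FBL, "postBrokerLoginFlowAlias": FBL},
        {"alias": "partner-oidc", "firstBrokerLoginFlowAlias": FBL, "postBrokerLoginFlowAlias": "relink"},
        {"alias": "github", "firstBrokerLoginFlowAlias": FBL, "postBrokerLoginFlowAlias": ""},
        {"alias": "okta", "firstBrokerLoginFlowAlias": FBL, "postBrokerLoginFlowAlias": "post login otp"},
    ],
    "authenticationFlows": [
        {"alias": FBL, "authenticationExecutions": [{"authenticator": "idp-review-profile"}]},
        {"alias": "relink", "authenticationExecutions": [{"authenticatorFlow": True, "flowAlias": "relink steps"}]},
        {"alias": "relink steps", "authenticationExecutions": [{"authenticator": "idp-confirm-link"}]},
        {"alias": "post login otp", "authenticationExecutions": [{"authenticator": "auth-otp-form"}]},
    ],
}


def broker_authenticators(flows, alias, seen=None):
    """Return idp-* authenticators reachable from flow `alias`, following sub-flows."""
    seen = set() if seen is None else seen
    if alias in seen or alias not in flows:
        return []  # unknown flow, or a sub-flow cycle already visited
    seen.add(alias)
    found = []
    for ex in flows[alias].get("authenticationExecutions", []):
        if ex.get("flowAlias"):
            found += broker_authenticators(flows, ex["flowAlias"], seen)
        elif str(ex.get("authenticator", "")).startswith("idp-"):  # assumption: prefix heuristic
            found.append(ex["authenticator"])
    return found


def audit_post_login_flows(realm):
    """Map IdP alias -> reason, for IdPs whose post login flow reuses first-login steps."""
    flows = {f["alias"]: f for f in realm.get("authenticationFlows", [])}
    findings = {}
    for idp in realm.get("identityProviders", []):
        post = idp.get("postBrokerLoginFlowAlias") or ""
        if not post:
            continue  # blank post login flow: the setting the last answer ended up with
        if post == idp.get("firstBrokerLoginFlowAlias"):
            findings[idp["alias"]] = "post login flow is the first login flow"
        elif broker_authenticators(flows, post):
            findings[idp["alias"]] = "post login flow contains idp-* authenticators"
    return findings
```

To run it against a real realm, load the exported JSON with `json.load` and pass the resulting dict to `audit_post_login_flows`.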