[keycloak-dev] first broker login always shows: "your already logged in"

Naftali van der Loon naftali at vanderloon.nl
Thu Mar 15 07:26:41 EDT 2018


Hi, if I configure a new Google broker, it always shows: "your already
logged in".
It seems to never redirect back to my application.

The logging shows the following warning:

Not present cache item for key LoginFailureKey [ realmId=mgb.
userId=1178a3e9-f20a-4564-b921-22e196b6ab9b

If I try to log in again from my application, I get an unexpected error.
The logging shows:

ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default
task-17) Failed to make identity provider oauth callback:
org.keycloak.broker.provider.IdentityBrokerException: No access_token from
server.
at
org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:444)

With some more logging I see that a POST request to
www.googleapis.com/oauth2/v3/token returns a 401 Unauthorized

The following request params were sent:
code=4%2FAADq7hCNFYS8Sn5fSaKTO-Z4NFsWp8dt-_rxDFfI9zV5by4zeKLKy9EIw-1S0xD7WZs8O2lIwVQpbYdhv-eRcDc&grant_type=authorization_code&client_secret=**********&redirect_uri=https%3A%2F%2Fsecure.mydomain.nl%2Fauth%2Frealms%2Fbloxsense%2Fbroker%2Fgoogle%2Fendpoint&client_id=770468752706-kvjr3kjmi12uokbe30ldpu4lt43k05vm.apps.googleusercontent.com"

I tried using sticky sessions in my load balancer; there is no difference
in behaviour.

This is an HA setup using the Helm chart.

Greetz
Naftali

