[keycloak-user] Keycloak to Keycloak identity brokering fails with "No access_token from server"

Jody H j9dy1g at gmail.com
Fri Mar 15 10:56:51 EDT 2019


Hi,

We have a Keycloak instance up and running which we want to use for
identity brokering
(https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker)
with another Keycloak instance.

We use the Keycloak-to-Keycloak identity broker method, which is offered in
the admin dashboard of Keycloak. After configuring the required fields and
setting the authentication method for the browser flow to redirect to our
"Keycloak identity broker", we get an exception in the server logs of the
"consuming Keycloak":

14:38:09,312 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-52) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
	at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:476)
	at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:344)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:422)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


I have described the problem in more depth in this JIRA ticket:
https://issues.jboss.org/browse/KEYCLOAK-9829

Has someone set up Keycloak-to-Keycloak identity brokering before?
Am I missing some configuration in the client settings within my "Keycloak
identity broker"?

Thanks
Jody

