I am having a problem setting up Okta as an IdP with Keycloak as the SP using SAML. We
are using Keycloak 3.2.1.
What we want:
We want to prepopulate the users from Okta in Keycloak (only a handful of users are
involved), so that when a user comes from Okta to our application no registration info
has to be entered or confirmed. The user will be authenticated with Okta and click on the
application link. Keycloak will handle the SAML authentication and then redirect the user
to our application.
What I have so far:
I am initiating login to the application from Okta. When the user comes from Okta they
are prompted to update account information. Then a message appears stating that the
account already exists, and the user clicks "Add to existing account". The user receives
the verify email and confirms linking. Then the user goes back to the browser window,
continues, and is redirected to a page that doesn't exist.
Link from SP:
https://myHost/auth/realms/myRealm/login-actions/first-broker-login?code=...
Link it redirects to:
https://myHost/auth/realms/myRealm/broker/null
The user is linked to the identity provider and a session is created. At this point I am
starting to think that we shouldn't use this version of Keycloak, and I am wondering
whether this is a bug or a configuration issue.
Any help would be appreciated.
Thanks
Drew
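One way to do the pre-population the question asks for, as an added example that is not Drew's code and not anything posted in this thread: a Python script that uses the Keycloak admin REST API to create each user and then attach a federated identity for the SAML broker. A user who already has a federated identity for the identity provider is logged in directly by the broker endpoint, so the "update account information" and "account already exists" steps of first-broker-login never run for them. Assumptions: the base URL https://myHost/auth and realm myRealm from the question, an identity provider alias "okta" (hypothetical; use whatever alias the Okta provider has under Identity Providers), an admin bearer token obtained separately (for example from the master realm's admin-cli client), and that the federated identity's userId and userName equal the NameID Okta will send (its default is the Okta login, usually the email address). The FakeTransport and SAMPLE_USERS are constructed so the block runs offline; pass the real urllib_transport to talk to a server. This does not explain the /broker/null redirect; it only removes the account-linking prompts for users who are linked in advance.

```python
# Added example: pre-create Keycloak users and link them to a SAML identity
# provider through the admin REST API (Keycloak 3.x paths). Not the question's code.
import json
import urllib.error
import urllib.parse
import urllib.request

IDP_ALIAS = "okta"  # assumption: alias of the Okta SAML identity provider in Keycloak

# Constructed sample input. "nameid" must equal the NameID Okta will send for
# that user (Okta's default is the Okta login, usually the email address).
SAMPLE_USERS = [
    {"username": "alice@example.com", "email": "alice@example.com",
     "firstName": "Alice", "lastName": "Example", "nameid": "alice@example.com"},
    {"username": "bob@example.com", "email": "bob@example.com",
     "firstName": "Bob", "lastName": "Example", "nameid": "bob@example.com"},
]


def urllib_transport(method, url, headers, body):
    """Real transport: returns (status, lower-cased headers, body bytes)."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read()


class KeycloakAdmin:
    def __init__(self, base_url, realm, token, transport=urllib_transport):
        self.base = base_url.rstrip("/") + "/admin/realms/" + realm
        self.token = token
        self.transport = transport

    def _call(self, method, path, payload=None):
        headers = {"Authorization": "Bearer " + self.token, "Accept": "application/json"}
        body = None
        if payload is not None:
            headers["Content-Type"] = "application/json"
            body = json.dumps(payload).encode()
        return self.transport(method, self.base + path, headers, body)

    def ensure_user(self, username, email, first_name, last_name):
        """Create the user, or find it if it already exists; returns the Keycloak user id.
        emailVerified avoids a verify-email required action on the pre-created account."""
        rep = {"username": username, "email": email, "firstName": first_name,
               "lastName": last_name, "enabled": True, "emailVerified": True}
        status, headers, body = self._call("POST", "/users", rep)
        if status == 201:  # Location header ends with the new user's id
            return headers["location"].rstrip("/").rsplit("/", 1)[-1]
        if status != 409:
            raise RuntimeError("create user %s: HTTP %d %r" % (username, status, body))
        # 409: the user exists. The username query is a substring search, so match exactly.
        status, _, body = self._call("GET", "/users?username=" + urllib.parse.quote(username))
        for user in json.loads(body):
            if user["username"].lower() == username.lower():
                return user["id"]
        raise RuntimeError("user %s reported as existing but not found" % username)

    def link_identity(self, user_id, idp_alias, idp_user_id, idp_username):
        """Attach a federated identity so the broker login finds the account already linked."""
        rep = {"identityProvider": idp_alias, "userId": idp_user_id, "userName": idp_username}
        path = "/users/%s/federated-identity/%s" % (user_id, idp_alias)
        status, _, body = self._call("POST", path, rep)
        if status == 204:
            return "linked"
        if status == 409:  # Keycloak: "User is already federated with provider"
            return "already-linked"
        raise RuntimeError("link %s: HTTP %d %r" % (user_id, status, body))


def provision(admin, users, idp_alias=IDP_ALIAS):
    """Returns [(username, keycloak_user_id, link_result), ...]."""
    out = []
    for u in users:
        uid = admin.ensure_user(u["username"], u["email"], u["firstName"], u["lastName"])
        out.append((u["username"], uid, admin.link_identity(uid, idp_alias, u["nameid"], u["nameid"])))
    return out


class FakeTransport:
    """Constructed stand-in for Keycloak so the example runs offline; answers the
    three endpoints used above with the status codes Keycloak returns."""
    def __init__(self, existing_usernames=()):
        self.users = {u: "id-%d" % i for i, u in enumerate(existing_usernames, 1)}
        self.links = set()
        self.calls = []

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url))
        path = url.split("/admin/realms/", 1)[1].split("/", 1)[1]  # strip host and realm
        if method == "POST" and path == "users":
            name = json.loads(body)["username"]
            if name in self.users:
                return 409, {}, b'{"errorMessage":"User exists with same username"}'
            self.users[name] = "id-%d" % (len(self.users) + 1)
            return 201, {"location": url + "/" + self.users[name]}, b""
        if method == "GET" and path.startswith("users?username="):
            q = urllib.parse.unquote(path.split("=", 1)[1])
            hits = [{"id": i, "username": u} for u, i in self.users.items() if q in u]
            return 200, {}, json.dumps(hits).encode()
        if method == "POST" and "/federated-identity/" in path:
            key = (path.split("/")[1], path.rsplit("/", 1)[1])
            if key in self.links:
                return 409, {}, b'{"errorMessage":"User is already federated with provider"}'
            self.links.add(key)
            return 204, {}, b""
        return 404, {}, b""


if __name__ == "__main__":
    # Offline demo: bob already exists in the realm, alice does not.
    fake = FakeTransport(existing_usernames=["bob@example.com"])
    admin = KeycloakAdmin("https://myHost/auth", "myRealm", "ADMIN-TOKEN", transport=fake)
    for row in provision(admin, SAMPLE_USERS):
        print(row)
```

Run it once against the real server with `transport=urllib_transport` and a fresh admin token; re-running is safe, because an existing user is looked up instead of recreated and an existing link is reported as "already-linked" rather than failing.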