Hello Keycloak users,
we are a company developing ERP software and want to use Keycloak as our SSO server. I
will briefly explain our scenario:
We have our application running on a WildFly server, protected with the Keycloak adapter in the
standalone XML. The Keycloak authentication server is running in another WildFly.
Opening our application in the browser, redirecting to the Keycloak server and signing in is
working fine. Now the IdP comes into play. We want to authenticate at the IdP and redirect
via the Keycloak server directly to our application without a second authentication at
the Keycloak server. My understanding is to use direct grant as the first login flow to get a
direct redirect to our application. The IdP is a server of one of our customers and we
are communicating over SAML 2.0. Now the IdP is sending a SAML response and the Keycloak
server responds with the following output:
{"error":"invalid_request","error_description":"Missing parameter: username"}
The username is located in the field urn:oid:0.9.2342.19200300.100.1.1. So why can't
Keycloak get the username and redirect to our application?
The decoded SAML response looks like this:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_0495d5494150cf6d61dd4421a2c04efcf084c5e438" Version="2.0"
IssueInstant="2018-08-16T13:26:42Z"
Destination="http://qvswm-50-cs2std:20000/auth/realms/saml20-broker-authentication-realm/broker/saml20-identity-provider/endpoint"
InResponseTo="ID_67b3a98b-22b7-4fb3-bccf-32f9e5ee3884"><saml:Issuer>idm.ekir.de</saml:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_0495d5494150cf6d61dd4421a2c04efcf084c5e438"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature&quo...
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds...
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:D...
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
ID="_2f00bcc88e72b831d12c3bd2cde89885036b8034ba" Version="2.0"
IssueInstant="2018-08-16T13:26:42Z"><saml:Issuer>idm.ekir.de</saml:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_2f00bcc88e72b1d12c3bd2cd885036b8034ba"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature&quo...
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds...
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:D...
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEMzCCAxugAwIBAgIJAJ5hbs7JMMA0GCSqGSIb3DQEBBQUG4xCzAJBgBAYTAkRFMQwwCgYDVQQIEwNOUlcxDzANBgNAcTBkFhY2hlbjEXMBUGA1UEChMOc3luYWl4IElUIEdtYkgxETAPBgNVBAsTCFNlY3VyaXR5MRQwEgYDVQQDEwtpZG0uZWtpci5kZTAeFw0xNjA0MjAxNTAxNDdaFw0zNjA0MjAxNTAxNDdaMG4xCzAJBgNVBAYTAkRFMQwwCgYDVQQIEwNOUlcxDzANBgNVBAcTBkFhY2hlbjEXMBUGA1UEChMOc3luYWl4IElUIEdtYkgxETAPBgNVBAsTCFNlY3VyaXR5MRQwEgYDVQQDEwtpZG0uZWtpci5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFv9eW8oqkBqaQzsguz0g9OnCCNOCrIuLNWjEC1Vjb8M3pLgWKt0obvm8BtgcAOSPSJpkFsjgCwiRsymk0yOKhnPhCLrEjqDMCAWLywO5K/H5SvrBc77PCSJRT0ciCdLOonvXzxEn40YEZSwjo+vqyiWt/gLfdeFtcuc8N2nZsZKdIR5V0wwD+ZSQCLNc7bnnw85tZvf6rtxHn6eo6IqzIcYzXyFSIaO0Lrh8ZN+oj9E1YW210+hNJqWb5+/VM4IpZ3jPzgSHqcyA7PxVRMEpWYBuyPNcvGR0tkqwXew51OarUxuiyyx4kTs5wZe+h4MZExnUty2wiJYyyHjpUYBK8CAwEAAaOB0zCB0DAdBgNVHQ4EFgQUr++yKews/ztiL2MslG+rTjImjAkwgaAGA1UdIwSBmDCBlYAUr++yKews/ztiL2MslG+rTjImjAmhcqRwMG4xCzAJBgNVBAYTAkRFMQwwCgYDVQQIEwNOUlcxDzANBgNVBAcTBkFhY2hlbjEXMBUGA1UEChMOc3luYWl4IElUIEdtYkgxETAPBgNVBAsTCFNlY3VyaXR5MRQwEgYDVQQDEwtpZG0uZWtpci5kZYIJAJ5hbfqjs7JMMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAObYr07VN0dtR3QUwLNq/xii154BIa1jDgvDEgSlf3Em161pXKU+/8hvHpwQFSp4w82GtiU8gYxiRVpBR02xa0PQ9d6dWRqhVtAzJloQQWIfiH75K97VLqOt77IPTuxIry84KztPnCUKxSSYyBBZ/tlJtSdAT2ce+imFHJxnSIucJoCB7gWNI3S6IoOlN3HwNmAT2BXoXXEpFsQdFEUTnOGcmxTtXh5Mqt0v3aJv3lcITHqazIGCPuPC4sbB0iuU6eRqvUXUED6Bn7JuEZmYaZ1H5sxzHu06xa+smDDGE15UXns5CB0BlaP2r8LckcRjOsPnAzKmp3Zr6uvD/+K7Ps=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID
SPNameQualifier="http://qvswm-50-cs2std:20000/auth/realms/saml20-broker-authentication-realm"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">94fbf27f692f840a63ea08a0eb8153ec86d022ea</saml:NameID><saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
NotOnOrAfter="2018-08-16T13:31:42Z" Recipient="xxxxx"
InResponseTo="ID_67b3a98b-22b7-4fb3-bccf-32f9e5ee3884"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions
NotBefore="2018-08-16T13:26:12Z"
NotOnOrAfter="2018-08-16T13:31:42Z"><saml:AudienceRestriction><saml:Audience>http://qvswm-50-cs2std:20000/auth/realms/saml20-broker-authentication-realm</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement
AuthnInstant="2018-08-16T13:26:42Z"
SessionNotOnOrAfter="2018-08-17T13:26:42Z"
SessionIndex="_4e34b8713e382904ca49318f0ed93f44032b19f297"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute
Name="urn:oid:0.9.2342.19200300.100.1.1"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue
xsi:type="xs:string">test2.syn</saml:AttributeValue></saml:Attribute><saml:Attribute
Name="urn:oid:2.5.4.4"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue
xsi:type="xs:string">syn</saml:AttributeValue></saml:Attribute><saml:Attribute
Name="urn:oid:0.9.2342.19200300.100.1.3"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue
xsi:type="xs:string">test2.syn@ek.de</saml:AttributeValue></saml:Attribute><saml:Attribute
Name="urn:oid:2.5.4.42"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue
xsi:type="xs:string">test2</saml:AttributeValue></saml:Attribute><saml:Attribute
Name="mobile"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue
xsi:type="xs:string"></saml:AttributeValue></saml:Attribute><saml:Attribute
Name="urn:oid:2.5.4.20"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue
xsi:type="xs:string"></saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
I would appreciate some help from the community.
Mit freundlichen Grüßen/Best regards
Alexander Vollertsen
Systementwickler | System Developer
Systementwicklung | System Development
Phone: +49 731 9650-373 | Email: Alexander.Vollertsen(a)wilken.de | Web: www.wilken.de
Wilken GmbH
Hörvelsinger Weg 29-31
89081 Ulm, Germany
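An added example, not code from the original post or from Keycloak: a small Python checker that parses a trimmed, constructed copy of the posted response, validates the assertion's Conditions and bearer SubjectConfirmation, and pulls the username from the uid attribute (urn:oid:0.9.2342.19200300.100.1.1), since the NameID in this response is an opaque hash rather than a login name. It assumes the XML signature has already been verified upstream, and uses the audience and AuthnRequest id from the posted response as expected values.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UID_OID = "urn:oid:0.9.2342.19200300.100.1.1"  # LDAP "uid" attribute carrying the username

# Constructed, unsigned and shortened copy of the posted response (same ids and values).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 InResponseTo="ID_67b3a98b-22b7-4fb3-bccf-32f9e5ee3884"><saml:Assertion ID="_a1" Version="2.0">
<saml:Issuer>idm.ekir.de</saml:Issuer><saml:Subject><saml:NameID
 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">94fbf27f692f840a63ea08a0eb8153ec86d022ea</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
 NotOnOrAfter="2018-08-16T13:31:42Z" InResponseTo="ID_67b3a98b-22b7-4fb3-bccf-32f9e5ee3884"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotBefore="2018-08-16T13:26:12Z" NotOnOrAfter="2018-08-16T13:31:42Z"><saml:AudienceRestriction>
<saml:Audience>http://qvswm-50-cs2std:20000/auth/realms/saml20-broker-authentication-realm</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml:AttributeValue>test2.syn</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>test2.syn@ek.de</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def _ts(s):  # SAML timestamps are UTC with a trailing "Z"
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def extract_identity(xml_text, expected_audience, expected_request_id, now):
    """Validate the bearer assertion (signature assumed verified upstream) and derive the username."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no Assertion in Response")
    cond = a.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion is not addressed to this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd.get("InResponseTo") != expected_request_id or now >= _ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation does not match our AuthnRequest")
    attrs = {at.get("Name"): [v.text or "" for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    # The NameID is an opaque hash here, so the username has to be mapped from the uid attribute.
    username = (attrs.get(UID_OID) or [""])[0]
    if not username:
        raise ValueError("uid attribute missing: no username to map")
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs, "username": username}
```

The check shows where the login name actually sits in this response; nothing in the assertion becomes a form parameter named username on its own, it has to be mapped explicitly on the broker side.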