I’m trying to set up SAML SSO between Azure AD and Keycloak. On the redirect back after
auth, Keycloak is failing to process the response and generates an internal server error:
00:27:04,170 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-5)
Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not
process response from SAML identity provider.
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:444)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:479)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:237)
at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:157)
...
Caused by: java.lang.NullPointerException
at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
at java.util.regex.Matcher.reset(Matcher.java:309)
at java.util.regex.Matcher.<init>(Matcher.java:229)
at java.util.regex.Pattern.matcher(Pattern.java:1093)
at java.util.regex.Pattern.split(Pattern.java:1206)
at org.keycloak.broker.provider.util.IdentityBrokerState.encoded(IdentityBrokerState.java:41)
at org.keycloak.services.resources.IdentityBrokerService.parseEncodedSessionCode(IdentityBrokerService.java:980)
at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:490)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:440)
... 63 more
I’ve posted the SAML response at
https://gist.github.com/dieseldjango/72057b7df68dbe3dc289ec8e3f5826bf
The stack trace indicates it’s failing at IdentityBrokerService.parseEncodedSessionCode().
I’ve tried this with Keycloak 3.2.1 and with 4.0 Beta 2. Can someone point me in the right
direction to solve this?
Thanks,
David
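A debugging aid for the situation described above, added here as an example and not part of the original post or of Keycloak. The inner NullPointerException comes from java.util.regex.Pattern.split being handed a null string, so the value Keycloak tries to split inside IdentityBrokerState.encoded was never received; the assumption made here is that this value is the RelayState form field that the SAML HTTP-POST binding carries alongside SAMLResponse. The script decodes a constructed SAMLResponse POST body (not the one in the gist), pulls out the fields a broker needs to correlate the response with the login it started, and reports whether RelayState is present. Names such as inspect_saml_post and build_form are this example's own.

```python
"""Pre-flight check for a SAML 2.0 HTTP-POST binding response.

Added example, not code from the original post or from Keycloak.
Decodes the SAMLResponse form field, extracts the correlation fields,
and reports a missing RelayState.  All sample data is constructed and
nothing touches the network.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response (hypothetical tenant id and hostnames).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_resp1" Version="2.0" IssueInstant="2018-01-01T00:00:00Z"
  Destination="https://keycloak.example.test/auth/realms/demo/broker/azure/endpoint"
  InResponseTo="ID_abc123">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def build_form(xml_text, relay_state=None):
    """Build the form the browser POSTs to the broker endpoint.

    RelayState is left out entirely when relay_state is None, which is the
    shape of request assumed to produce the NullPointerException above.
    """
    form = {"SAMLResponse": base64.b64encode(xml_text.encode()).decode()}
    if relay_state is not None:
        form["RelayState"] = relay_state
    return form


def inspect_saml_post(form):
    """Summarise a POST-binding response and list problems found.

    The checks are this example's own.  A real broker additionally
    verifies the signature, audience, time conditions and so on.
    """
    problems = []
    raw = form.get("SAMLResponse")
    if raw is None:
        return {"problems": ["no SAMLResponse form field"]}

    root = ET.fromstring(base64.b64decode(raw))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    info = {
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),
        "status": status.get("Value") if status is not None else None,
        "relay_state": form.get("RelayState"),
    }

    # RelayState is what lets the broker map the response back to the
    # login session it started; without it there is nothing to parse.
    if info["relay_state"] is None:
        problems.append("RelayState missing: broker cannot map response to login session")
    if info["in_response_to"] is None:
        problems.append("InResponseTo missing: unsolicited (IdP-initiated) response")
    if info["status"] != SUCCESS:
        problems.append("status is not Success: %s" % info["status"])

    info["problems"] = problems
    return info


if __name__ == "__main__":
    for rs in (None, "state123.demo-client"):
        result = inspect_saml_post(build_form(SAMPLE_XML, rs))
        print("RelayState=%r -> %s" % (rs, result["problems"] or "no problems found"))
```

Run it against the real POST body by pasting the SAMLResponse and RelayState values captured from the browser (the developer tools network tab shows both form fields) into build_form; if RelayState is absent from the captured request, the IdP is not echoing it back and the NPE is explained.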