I recently had this issue, reason being that the client secret for the external identity
provider was wrong... Maybe you have got the same problem. The error message is a bit
misleading.
Best regards,
Sebastian
Dr.-Ing. Sebastian Schuster
Open Source Services (INST-CSS/BSV-OS2)
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org> On Behalf Of Jody H
Sent: Friday, 15 March 2019 15:57
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Keycloak to Keycloak identity brokering fails with "No access_token from server"
Hi,
we have a keycloak instance up and running which we want to use for identity brokering
(https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_br...)
with another keycloak instance.
We use the keycloak to keycloak identity broker method, which is offered in the admin
dashboard of keycloak. After configuring the required fields and setting the
authentication method for the browser flow to redirect to our "keycloak identity
broker", we get an exception in the server logs of the "consuming
keycloak":
14:38:09,312 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-52) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
    at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:476)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:344)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:422)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
I have described the problem more in-depth in this JIRA ticket:
https://issues.jboss.org/browse/KEYCLOAK-9829
Has someone set up keycloak to keycloak identity brokering before?
Am I missing some configuration in the client settings within my "keycloak identity
broker"?
Thanks
Jody
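
Added example, not part of the original thread and not Keycloak code: "No access_token from server" only says that the token response lacked an access_token, so the code below reads a token endpoint response and reports the OAuth 2.0 error behind it, such as the failed client authentication that a wrong client secret produces. The function name, hint texts and sample responses are constructed assumptions; the error codes are those defined in RFC 6749 section 5.2.

```python
import json

# Error codes from RFC 6749 section 5.2, mapped to what to check first
# on the brokering ("consuming") side. Hint wording is this example's own.
HINTS = {
    "invalid_client": "client authentication failed: compare client ID and secret with the upstream client",
    "unauthorized_client": "client rejected for this grant: check client credentials and allowed flows upstream",
    "invalid_grant": "authorization code rejected: expired, reused, or redirect URI mismatch",
}


def diagnose_token_response(status, body):
    """Explain why a token endpoint response carries no access_token.

    Returns (ok, message); ok is True only when an access_token is present.
    The token itself is never included in the message.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return False, f"HTTP {status}: body is not JSON (wrong token URL or a proxy error page?)"
    if not isinstance(data, dict):
        return False, f"HTTP {status}: JSON body is not an object"
    if "error" in data:
        code = data["error"]
        hint = HINTS.get(code, "see error_description")
        desc = data.get("error_description", "")
        return False, f"HTTP {status}: {code} ({desc}): {hint}"
    if not data.get("access_token"):
        return False, f"HTTP {status}: no error reported, but access_token is missing"
    return True, "access_token present"


# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (401, '{"error": "invalid_client", "error_description": "bad credentials"}'),
    (400, '{"error": "invalid_grant", "error_description": "code not valid"}'),
    (502, "<html>Bad Gateway</html>"),
    (200, '{"access_token": "constructed-token", "token_type": "Bearer"}'),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(diagnose_token_response(status, body))
```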