as for you, from which transaction depicted in the diagram did the error arise? PFA ( 23rd and 24th page ) - there should have been a stack trace after "invalidRequestMessage", could you please share it? We could see keycloak logs as below 14:10:39,362 WARN [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 47) HHH000431: Unable to determine H2 database version, certain features m work 14:11:30,567 WARN [org.keycloak.events] (default task-1) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=10.9.7.2,=invalidRequestMessage 14:11:30,568 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-1) invalidRequestMessage 14:11:51,668 WARN [org.keycloak.events] (default task-2) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=10.9.7.2,=invalidRequestMessage 14:11:51,669 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-2) invalidRequestMessage - what was the SAML payload of the request that lead to an error? You can obtain it from F12 -> Network in your browser (but don't forget to scrub any sensitive data) I did not understand what is SAML payload .we are using SAML 2.0 standrd. What is F12 . So far we did not configure any load balancer yet On Sun, Jul 22, 2018 at 11:10 PM Dmitry Telegin <dt(a)acutus.pro&gt; wrote: > Hi Vandana, > > Excellent diagram! However I'm afraid we'll need some additional info: > - as for you, from which transaction depicted in the diagram did the > error arise? > - there should have been a stack trace after "invalidRequestMessage", > could you please share it? > - what was the SAML payload of the request that lead to an error? You > can obtain it from F12 -> Network in your browser (but don't forget to > scrub any sensitive data) > > Cheers, > Dmitry Telegin > CTO, Acutus s.r.o. > Keycloak Consulting and Training > > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic > +42 (022) 888-30-71 > E-mail: info(a)acutus.pro > > On Fri, 2018-07-20 at 15:44 -0500, vandana thota wrote: > > ERROR [org.keycloak.services.resources.IdentityBrokerService] > > (default > > task-25) invalidRequestMessage > > > > We are configuring the Single sign on for the application deployed on > > the > > Wildfly instance by having keycloak , external IDP , SAML 2.0 > > standards > > .Below is the flow . > > > > There was an error at the flow while we are trying this flow . PFA It > > has > > pictorial representation of the flow . > > Wildfly app or servlet container -> (SP) SAML request to IdP -> > > Keycloak -> > > (identify Okta IdP... may or may not need a username) -> (SP SAML > > Request > > to Okta) -> Okta IdP (May or may not need user to login depends on if > > they > > have an active okta session or not) -> IdP SAML Response -> Keycloak > > -> IdP > > SAML Response Wildfly app / servlet container > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user >