[keycloak-user] Keycloak to Keycloak identity brokering fails with "No access_token from server"

Schuster Sebastian (INST-CSS/BSV-OS2) Sebastian.Schuster at bosch-si.com
Fri Mar 15 11:58:33 EDT 2019


I recently had this issue, reason being that the client secret for the external identity provider was wrong... Maybe you have got the same problem. The error message is a bit misleading.

Best regards,
Sebastian

Dr.-Ing. Sebastian Schuster

Open Source Services (INST-CSS/BSV-OS2)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Mobile +49 152 02177668 | Fax +49 30 726112-100 | Sebastian.Schuster at bosch-si.com

Registered office: Berlin, Register court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic



-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> On Behalf Of Jody H
Sent: Friday, 15 March 2019 15:57
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Keycloak to Keycloak identity brokering fails with "No access_token from server"

Hi,

we have a keycloak instance up and running which we want to use for identity brokering (https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker) with another keycloak instance.

We use the keycloak to keycloak identity broker method, which is offered in the admin dashboard of keycloak. After configuring the required fields and setting the authentication method for the browser flow to redirect to our "keycloak identity broker", we get an exception in the server logs of the "consuming keycloak":

14:38:09,312 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-52) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
	at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:476)
	at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:344)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:422)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)


I have described the problem more in-depth in this JIRA ticket:
https://issues.jboss.org/browse/KEYCLOAK-9829

Has someone set up keycloak to keycloak identity brokering before?
Am I missing some configuration in the client settings within my "keycloak identity broker"?

Thanks
Jody
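Added example, not part of the original thread and not Keycloak's own code: the broker log only says that no access_token came back, so one way to check the diagnosis in the reply is to look at what the upstream token endpoint actually answers. The function names, the constructed sample responses and the invalid-code probe are assumptions for illustration; the probe assumes the upstream server authenticates the client before it validates the authorization code.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# RFC 6749 section 5.2 error codes that indicate failed client authentication.
CLIENT_AUTH_ERRORS = {"invalid_client", "unauthorized_client"}

# Constructed sample replies (status, body); not captured from a real server.
SAMPLE_BAD_SECRET = (401, '{"error":"unauthorized_client","error_description":"Invalid client secret"}')
SAMPLE_BAD_CODE = (400, '{"error":"invalid_grant","error_description":"Code not valid"}')


def classify_token_response(status, body):
    """Explain a token endpoint reply that the broker would report as 'no access_token'."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        data = None
    if not isinstance(data, dict):
        return "not-json: check the token URL configured on the identity provider"
    if data.get("access_token"):
        return "ok: access_token present"
    error = data.get("error", "")
    if error in CLIENT_AUTH_ERRORS or status == 401:
        return "client-auth-failed: client ID or secret rejected upstream"
    if error == "invalid_grant":
        return "client-auth-ok: secret accepted, only the code was rejected"
    return "no-token: upstream error %r" % error


def probe_client_secret(token_url, client_id, client_secret, redirect_uri):
    """POST a deliberately invalid code so that only client authentication is tested."""
    form = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": "not-a-real-code",
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(token_url, data=form)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_token_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # 4xx replies still carry the JSON error body
        return classify_token_response(err.code, err.read().decode())
```

Call `probe_client_secret` with the token URL, client ID and secret exactly as entered in the identity provider settings of the consuming Keycloak; a `client-auth-failed` result points at the secret rather than at the brokering flow.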