Keycloak issue KEYCLOAK-13274

Redirect loop with authentication success but access denied at default identity provider

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Specific case where Keycloak loops on querying one identity provider.

      The realm setup:

      • OIDC client
      • A SAML identity provider configured to query an ADFS instance.
      • "First broker login" authorization flow configured to use this SAML identity provider only

      If the user exists in the ADFS and is granted access, everything works fine.
      But if the user does not have access to the ADFS relying party trust, the authentication flow goes into a loop between these 2 URLs:

      Is this a configuration issue?
      It seems that the response sent out by the ADFS instance is not well understood by Keycloak in this case; is it outside the SAML standard protocol?
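      The failure mode described in this report, as an added example that is not part of the issue or of Keycloak's own code: per SAML 2.0, an IdP that refuses a user (for example because the user is not authorized for the relying party trust) still returns a well-formed <samlp:Response>, but with a top-level <samlp:StatusCode> other than urn:oasis:names:tc:SAML:2.0:status:Success and no <saml:Assertion>. A broker that only looks for an assertion, or restarts the login on anything it does not recognise, can end up bouncing the browser back to the IdP. The script below checks the status element before deciding what to do; the two SAML responses, the issuer, the destination URL and the user name are constructed for this example, and signature validation is deliberately left out.

```python
"""Added example, not from the Keycloak issue or project: decide what a SAML
broker should do with a <samlp:Response> by reading its <samlp:Status> first.
All sample data below is constructed for this example."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def saml_status(response_xml):
    """Return (success, top_code, sub_code, message) for a samlp:Response.

    SAML 2.0 allows a nested StatusCode (e.g. Responder / RequestDenied)
    and an optional StatusMessage; both are useful for the error page."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("Response has no samlp:Status")
    top = status.find("samlp:StatusCode", NS)
    if top is None or "Value" not in top.attrib:
        raise ValueError("Status has no StatusCode/@Value")
    sub = top.find("samlp:StatusCode", NS)
    msg = status.find("samlp:StatusMessage", NS)
    top_code = top.attrib["Value"]
    sub_code = sub.attrib.get("Value") if sub is not None else None
    message = msg.text.strip() if msg is not None and msg.text else None
    return top_code == SUCCESS, top_code, sub_code, message


def broker_decision(response_xml):
    """What the broker endpoint should do; never 'retry at the IdP'."""
    ok, top, sub, msg = saml_status(response_xml)
    has_assertion = ET.fromstring(response_xml).find("saml:Assertion", NS) is not None
    if ok and has_assertion:
        return "continue-first-broker-login"
    if ok:
        # Success without an assertion is malformed: fail closed, do not loop.
        return "error: Success status but no Assertion"
    # Non-success: show the user an error, do NOT redirect back to the IdP.
    detail = top + (" / " + sub if sub else "") + (" (" + msg + ")" if msg else "")
    return "deny: " + detail


def from_post_binding(saml_response_param):
    """Decode the base64 SAMLResponse form field of the HTTP-POST binding."""
    return base64.b64decode(saml_response_param).decode("utf-8")


# Constructed responses; issuer/destination/user are illustrative only.
_HEAD = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" '
    'IssueInstant="2020-04-01T10:00:00Z" '
    'Destination="https://keycloak.example.com/auth/realms/demo/broker/adfs/endpoint">'
    "<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>"
)
DENIED_XML = _HEAD + (
    "<samlp:Status>"
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>'
    "</samlp:StatusCode>"
    "<samlp:StatusMessage>User is not authorized for this relying party trust.</samlp:StatusMessage>"
    "</samlp:Status></samlp:Response>"
)
GRANTED_XML = _HEAD + (
    '<samlp:Status><samlp:StatusCode Value="%s"/></samlp:Status>'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-04-01T10:00:00Z">'
    "<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>"
    "</saml:Assertion></samlp:Response>" % SUCCESS
)


def run_samples():
    """Decode each sample as it would arrive in a POST and classify it."""
    out = {}
    for name, xml in (("denied", DENIED_XML), ("granted", GRANTED_XML)):
        param = base64.b64encode(xml.encode("utf-8")).decode("ascii")
        out[name] = broker_decision(from_post_binding(param))
    return out


if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(name, "->", decision)
```

      The point of the split into saml_status and broker_decision is that a refusal from the IdP is a terminal outcome for that login attempt: the broker should surface the StatusCode and StatusMessage to the user and stop, rather than treat the absence of an assertion as "not logged in yet" and send the browser back to the IdP for another round.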

                People

                • Assignee:
                  hmlnarik Hynek Mlnařík
                • Reporter:
                  grahammm Graham Crosmarie
                • Votes:
                  0
                • Watchers:
                  2