  1. RH-SSO
  2. RHSSO-1217

Unexpected error from SSSD plugin authenticating a nonexistent user

      1. setup IPA server
      2. setup IPA client
      3. setup RH-SSO on IPA Client
      4. configure SSSD Federation in RH-SSO
      5. setup a SAML client using the domain with the SSSD federation setup
      6. authenticate as existing IPA user
      7. try to authenticate as nonexistent user
      ^^^ fails as described.

      I have a working RH-SSO server with SSSD Federation configured with a RHEL IdM server. I can authenticate with known users, and see disabled users fail as expected. When I try a nonexistent user, however, I see an error message in the browser:

      """
      We're sorry ...

      Unexpected error when handling authentication request to identity provider.
      """

      From the console output from the standalone.sh script, I see:

      16:01:46,145 WARN [org.keycloak.events] (default task-4) type=LOGIN_ERROR, realmId=c46395cc-7439-4b7b-bf67-50ddec63ecd6, clientId=https://sp1.keycloak.test:8443/example_app/mellon/metadata, userId=null, ipAddress=192.168.122.1, error=invalid_user_credentials, auth_method=saml, redirect_uri=https://sp1.keycloak.test:8443/example_app/mellon/postResponse, code_id=151409fe-af7f-437a-a69f-d99d42a76804, username=dne

            Unassigned Unassigned
            spoore@redhat.com Scott Poore