RHSSO-1283: Failed to make identity provider oauth callback


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • Archive - 21'
    • RH-SSO-7.2.0.GA
    • Protocol - OIDC

Configure Microsoft as Identity Provider to use in an Identity Brokering scenario. Configure the corresponding client in Microsoft, with the corresponding redirect URL. Start the OIDC flow on RH SSO and click on the external IDP button. Successfully authenticate and authorize the application. Failure on RH SSO with the following error stack:

    20:24:08,733 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-47) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access token available in OAuth server response: {"id_token":"some-id-token"}
        at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getFederatedIdentity(AbstractOAuth2IdentityProvider.java:279)
        at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:399)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

When trying to configure Microsoft as Identity Provider to use in an Identity Brokering scenario, I received the error in $subject when successfully authenticating the flow in Microsoft. Suspect the issue is with the fact that Microsoft is only returning an id_token while RH SSO is expecting an access_token.
Same result even if I build my own IDP using the Microsoft exposed endpoints.

Assignee: Unassigned
Reporter: Luca Mattia Ferrari (lucamaf)
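Added here as an illustration, not code from RH-SSO/Keycloak or from the reporter: a Python model of the broker's token-response handling that reproduces the strict behaviour in the stack trace above (an `{"id_token": ...}`-only response is rejected because no access_token is present) next to a tolerant mode that accepts an id_token-only response, but only after the id_token's signature, alg, iss, aud, exp and nonce have been verified. The id_token is signed with HS256 under a constructed key so the example runs with the standard library alone; a real broker verifies the IdP's RS256 signature against its JWKS, and the issuer, client id and nonce values are placeholders.

```python
import base64, hashlib, hmac, json

class IdentityBrokerException(Exception):
    pass

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_id_token(claims: dict, key: bytes) -> str:
    """Constructed HS256 id_token for the demo (real IdPs sign RS256, verified via JWKS)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_id_token(token, key, issuer, client_id, nonce, now):
    """Checks an id_token must pass before its claims may identify a user."""
    parts = token.split(".")
    if len(parts) != 3:
        raise IdentityBrokerException("malformed id_token")
    header_b64, body_b64, sig_b64 = parts
    # Pin the expected alg: never accept "none" or an unexpected algorithm.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise IdentityBrokerException("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise IdentityBrokerException("invalid id_token signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != issuer or claims.get("aud") != client_id:
        raise IdentityBrokerException("id_token iss/aud mismatch")
    if claims.get("exp", 0) <= now or claims.get("nonce") != nonce:
        raise IdentityBrokerException("id_token expired or nonce mismatch")
    return claims

def get_federated_identity(response: str, require_access_token: bool, **ctx) -> dict:
    """Strict mode mirrors the broker in the bug report (access_token required);
    tolerant mode accepts an id_token-only response once verify_id_token passes."""
    resp = json.loads(response)
    if require_access_token and "access_token" not in resp:
        raise IdentityBrokerException(
            "No access token available in OAuth server response: " + response)
    if "id_token" not in resp:
        raise IdentityBrokerException("No id_token in OAuth server response")
    claims = verify_id_token(resp["id_token"], **ctx)
    return {"id": claims["sub"], "email": claims.get("email")}
```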