Authenticate to Link Account Failed (Keycloak OIDC)


I have set up 2 Keycloak servers:

  • One is acting as the Identity Broker
  • The other is acting as the Identity Provider

On the Identity Broker I have added an Identity Provider that points to the Keycloak Identity Provider (mentioned above) with the following settings:

  • First Login Flow: first broker login
  • Sync Mode: force

I have the following use case where authentication / the first broker login flow is failing:

I create a user on the Identity Provider, and upon first login from the Identity Broker that user is created on the broker and works perfectly, as per the Create User If Unique flow.

But if the user is deleted from the Identity Provider and re-added to the Identity Provider with the same username, then the Identity Broker fails to log in that user. In this case the user is not unique, so the account link flow is executed, and upon authentication from the Identity Provider it fails to log in with an invalid username/password error.

Following is the screenshot attached when I try to log in from the Identity Broker:

Upon clicking "Add to existing account", it asks for a username and password for "Authenticate to link your account with keycloak-oidc", but authentication fails with an invalid username/password error.

Can anyone please help me identify the failure reason and how to make it work properly for this use case?

Saad Rasool
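One way to check, from the admin side, whether the federated-identity link the broker stored for the user still points at the user id that currently exists on the identity provider (a user that is deleted and re-created keeps its username but gets a new id). This is an added diagnostic example, not code from the post or from Keycloak; the server URLs, realm names and admin credentials are placeholders, and it assumes the Quarkus-style paths without the `/auth` prefix.

```python
import json
import urllib.parse
import urllib.request

# Placeholders (assumptions, not from the post): replace with your own servers and realms.
BROKER = "https://broker.example/"   # Keycloak acting as Identity Broker
IDP = "https://idp.example/"         # Keycloak acting as Identity Provider
IDP_ALIAS = "keycloak-oidc"          # alias of the IdP configured on the broker


def admin_token(base, user, password):
    """Admin access token from the master realm via the built-in admin-cli client."""
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": user, "password": password}).encode()
    with urllib.request.urlopen(base + "realms/master/protocol/openid-connect/token", form) as r:
        return json.load(r)["access_token"]


def admin_get(base, token, path):
    """GET against the admin REST API, returning parsed JSON."""
    req = urllib.request.Request(base + "admin/realms/" + path,
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as r:
        return json.load(r)


def find_user_id(base, token, realm, username):
    """Current user id for an exact username match, or None if the user does not exist."""
    q = urllib.parse.quote(username)
    users = admin_get(base, token, f"{realm}/users?username={q}&exact=true")
    return users[0]["id"] if users else None


def broker_link(base, token, realm, username, alias):
    """The federated-identity record the broker holds for this user and IdP alias."""
    uid = find_user_id(base, token, realm, username)
    if uid is None:
        return None
    links = admin_get(base, token, f"{realm}/users/{uid}/federated-identity")
    return next((l for l in links if l["identityProvider"] == alias), None)


def link_status(link, current_idp_id):
    """Pure comparison (testable offline): link['userId'] is the IdP-side user id the broker saved."""
    if link is None or current_idp_id is None:
        return "missing"
    return "ok" if link["userId"] == current_idp_id else "stale"


if __name__ == "__main__":
    bt, it = admin_token(BROKER, "admin", "CHANGEME"), admin_token(IDP, "admin", "CHANGEME")
    link = broker_link(BROKER, bt, "broker-realm", "alice", IDP_ALIAS)
    print(link_status(link, find_user_id(IDP, it, "idp-realm", "alice")))
```

A result of "stale" means the broker's link names an IdP user id that no longer exists, which is worth comparing against what the account-link step reports.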