Authentication error with Microsoft as Identity Provider

Hello,

I am trying to set up Microsoft as an Identity Provider for my Keycloak client. I registered my app in apps.dev.microsoft.com. I added the Identity Provider redirect URI provided by Keycloak to the registered app and I added the Client ID and Client Secret provided by Microsoft to my Keycloak Identity Provider. I am using Keycloak inside a Docker container from the jboss/keycloak:11.0.0 image.

These are the settings from my Microsoft Identity Provider in Keycloak:

  • Redirect URI: http://localhost:7072/auth/realms/{my_realm}/broker/microsoft/endpoint
  • Client ID : my_client_ID
  • Client Secret: ************
  • Default Scopes: (Empty)
  • Store Tokens: OFF
  • Stored Tokens Readable: OFF
  • Enabled: ON
  • Accepts prompt=none forward from client: OFF
  • Disable User Info: OFF
  • Trust Email: OFF
  • Account Linking Only: OFF
  • Hide on Login Page: OFF
  • GUI order: (Empty)
  • First Login Flow: first broker login
  • Post Login Flow: (Empty)
  • Sync Mode: import

When I try to authenticate in my browser I get a screen saying:

We are sorry…
Unexpected error when authenticating with identity provider

And on the console a 502 Bad Gateway error:

Request URL: http://localhost:7072/auth/realms/{my_realm}ui/broker/microsoft/endpoint?code=Mfe302d19-46b0-e44a-300e-1938e57b8ae4&state=rWjucBWLERTbONIiHCA3EI4t5ubrxZNyi19nwTlcrZY.nyHQDBS1Iz0.{my_app}
    Request Method: GET
    Status Code: 502 Bad Gateway
    Remote Address: [::1]:7072
    Referrer Policy: strict-origin-when-cross-origin
    Connection: keep-alive
    Content-Language: en
    Content-Length: 1662
    Content-Security-Policy: frame-src 'self'; frame-ancestors 'self' http://localhost:3000; object-src 'none';
    Content-Type: text/html;charset=utf-8
    Date: Wed, 12 Aug 2020 10:40:10 GMT
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Robots-Tag: none
    X-XSS-Protection: 1; mode=block
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
    Connection: keep-alive
    Cookie: AUTH_SESSION_ID_LEGACY=41f49659-1f3f-410b-af85-a4eeef0a25b3.9f7c88d0cbf3; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1YjhiZGY5MC1kNzNhLTQ2ZWUtYjMyNi0xZmUwNDY5ZDcyYjQifQ.….O6LU1u05IvZwIRWDRBh7CJjyyCsiRWAk-zDOas8ltTk
    Host: localhost:7072
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: cross-site
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
    code: Mfe302d19-46b0-e44a-300e-1938e57b8ae4
    state: rWjucBWLERTbONIiHCA3EI4t5ubrx

Any help?
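One check worth running before digging into the 502 itself: compare the URL the browser was actually sent back to with the Redirect URI configured on the Keycloak identity provider, and confirm the callback carries the parameters the broker endpoint expects. The script below is an added example, not code from the post or from Keycloak; the sample values are constructed from the post (placeholders such as `{my_realm}` and `{my_app}` kept as written there), and it assumes the Keycloak 11 broker `state` value is three dot-separated parts whose last part is the client ID, which is what the value in the post looks like.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample input, modelled on the post: the Redirect URI from the
# identity-provider settings and the Request URL the browser reported.
CONFIGURED_REDIRECT_URI = (
    "http://localhost:7072/auth/realms/{my_realm}/broker/microsoft/endpoint"
)
CALLBACK_URL = (
    "http://localhost:7072/auth/realms/{my_realm}ui/broker/microsoft/endpoint"
    "?code=Mfe302d19-46b0-e44a-300e-1938e57b8ae4"
    "&state=rWjucBWLERTbONIiHCA3EI4t5ubrxZNyi19nwTlcrZY.nyHQDBS1Iz0.{my_app}"
)


def check_callback(configured_redirect_uri, callback_url, expected_client_id=None):
    """Compare an IdP callback with the configured redirect URI.

    Returns a list of human-readable findings; an empty list means the
    origin and path match and the callback carries code and state.
    """
    findings = []
    cfg = urlsplit(configured_redirect_uri)
    cb = urlsplit(callback_url)

    # The IdP must redirect to exactly the URI registered for the broker.
    if (cfg.scheme, cfg.netloc) != (cb.scheme, cb.netloc):
        findings.append(
            f"origin differs: configured {cfg.scheme}://{cfg.netloc}, "
            f"callback {cb.scheme}://{cb.netloc}"
        )
    if cfg.path != cb.path:
        findings.append(f"path differs: configured {cfg.path!r}, callback {cb.path!r}")

    params = parse_qs(cb.query)

    # An IdP that refused the request sends error/error_description instead of a code.
    if "error" in params:
        desc = params.get("error_description", ["(no description)"])[0]
        findings.append(f"IdP returned error {params['error'][0]}: {desc}")
    if "code" not in params:
        findings.append("no authorization code in callback")

    # Assumption: Keycloak 11 encodes broker state as <session-code>.<tab-id>.<client-id>.
    state = params.get("state", [None])[0]
    if state is None:
        findings.append("no state in callback (CSRF binding to the login session is missing)")
    else:
        parts = state.split(".")
        if len(parts) != 3:
            findings.append(f"state has {len(parts)} dot-separated parts, expected 3")
        elif expected_client_id is not None and parts[2] != expected_client_id:
            findings.append(
                f"state names client {parts[2]!r}, expected {expected_client_id!r}"
            )
    return findings


if __name__ == "__main__":
    for finding in check_callback(CONFIGURED_REDIRECT_URI, CALLBACK_URL, "{my_app}"):
        print("-", finding)
```

Run against the values in the post, the only finding is the path difference between the configured `/auth/realms/{my_realm}/broker/...` and the requested `/auth/realms/{my_realm}ui/broker/...`; whether that is a real mismatch or just an artefact of how the realm name was redacted is something only the poster can confirm, but it is the first thing to rule out, since the broker endpoint will only complete the login when the IdP sends the browser back to the URI Keycloak registered.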

I have the same issue… and I tried almost all things to fix this… no luck… please help if you find the solution.