Hello,
I am trying to set up Microsoft as an Identity Provider for my Keycloak client. I registered my app in apps.dev.microsoft.com. I added the Identity Provider redirect URI provided by Keycloak to the registered app, and I added the Client ID and Client Secret provided by Microsoft to my Keycloak Identity Provider. I am using Keycloak inside a Docker container from the jboss/keycloak:11.0.0 image.
These are the settings of my Microsoft Identity Provider in Keycloak:
- Redirect URI: http://localhost:7072/auth/realms/{my_realm}/broker/microsoft/endpoint
- Client ID: my_client_ID
- Client Secret: ************
- Default Scopes: (Empty)
- Store Tokens: OFF
- Stored Tokens Readable: OFF
- Enabled: ON
- Accepts prompt=none forward from client: OFF
- Disable User Info: OFF
- Trust Email: OFF
- Account Linking Only: OFF
- Hide on Login Page: OFF
- GUI order: (Empty)
- First Login Flow: first broker login
- Post Login Flow: (Empty)
- Sync Mode: import
When I try to authenticate in my browser I get a screen saying:
We are sorry…
Unexpected error when authenticating with identity provider
And on the console a 502 Bad Gateway error:
Request URL: http://localhost:7072/auth/realms/{my_realm}ui/broker/microsoft/endpoint?code=Mfe302d19-46b0-e44a-300e-1938e57b8ae4&state=rWjucBWLERTbONIiHCA3EI4t5ubrxZNyi19nwTlcrZY.nyHQDBS1Iz0.{my_app}
Request Method: GET
Status Code: 502 Bad Gateway
Remote Address: [::1]:7072
Referrer Policy: strict-origin-when-cross-origin
Connection: keep-alive
Content-Language: en
Content-Length: 1662
Content-Security-Policy: frame-src 'self'; frame-ancestors 'self' http://localhost:3000; object-src 'none';
Content-Type: text/html;charset=utf-8
Date: Wed, 12 Aug 2020 10:40:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Cookie: AUTH_SESSION_ID_LEGACY=41f49659-1f3f-410b-af85-a4eeef0a25b3.9f7c88d0cbf3; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1YjhiZGY5MC1kNzNhLTQ2ZWUtYjMyNi0xZmUwNDY5ZDcyYjQifQ.….O6LU1u05IvZwIRWDRBh7CJjyyCsiRWAk-zDOas8ltTk
Host: localhost:7072
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
code: Mfe302d19-46b0-e44a-300e-1938e57b8ae4
state: rWjucBWLERTbONIiHCA3EI4t5ubrx
Any help?