Azure IdP sometimes doesn't work (failed to make identity provider oauth callback)


I’m having troubles with integrating Azure AD with KeyCloak (running in the docker). I’m confused, because sometimes it just works and sometimes not.

Error logs:

2023-03-07 09:41:23,719 WARN  [] (executor-thread-14) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId={guid_removed}, clientId=foo, userId=null, ipAddress=, error=identity_provider_login_failure, code_id={{guid_removed}}, authSessionParentId=fb4d9e4c-71e4-4fe9-9243-12cd2bb5d41e, authSessionTabId=QLEChgOVxDM
2023-03-07 09:41:55,251 INFO  [org.apache.http.impl.execchain.RetryExec] (executor-thread-20) I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {s}-> The target server failed to respond
2023-03-07 09:41:55,251 INFO  [org.apache.http.impl.execchain.RetryExec] (executor-thread-20) Retrying request to {s}->
2023-03-07 09:41:55,251 ERROR [] (executor-thread-30) Failed to make identity provider oauth callback: Connection reset

I have a demo app, but I’m also using console login to test it “http://localhost:8080/admin/azure/console/#/”.
In network tab I see “502 Bad Gateway” error. It happens after I enter valid credentials and I’m redirected.

I can share my settings, if needed, but I don’t see anything strange, I followed @dasniko tutorial.

Can you give me a hint, what should I check?

It was pretty hard to determine what happened. Solution for me was to generate jks and use it as described here: Configuring trusted certificates for outgoing requests - Keycloak