Keycloak as IdP, Federated Logins and Windows Web SignIn not working

So, I managed to get users signing in to Azure / Office via Keycloak working, following this guide: Using Keycloak as IdP for Azure AD - Securing applications - Keycloak

As long as the federated user logs in through the browser, everything is fine.

Now I want the users also to be able to log in to Windows PCs. So I configured a test PC to use Web Sign-in, whitelisted the needed domains (using Windows Configuration Designer) and applied that config to the PC during installation.

When a non-federated (i.e. standard Azure AD) user tries to log in, everything works fine.

A federated user will at first also see the expected flow:

  1. Entering the username
  2. Getting redirected to Keycloak
  3. Authenticating there
  4. Redirected back to Windows

However, then I only see: “Something went wrong. Please try again later” with no indication anywhere as to what exactly went wrong. Azure login logs? Empty. Keycloak states that auth was successful. Windows Event Viewer? No idea which error message in there is actually related to this.

Anyone run into this?