We are using Keycloak (23.0.1) for auth, but we are still new to it.
We have a customer who uses SAML SSO. We've done the standard metadata exchange, and think (thought?) we have everything configured correctly. When we attempt to go through the SAML SSO login flow:
- The login with the IdP is successful, but upon returning to us, the UI responds with "Unexpected error when authenticating with identity provider".
- We've set our logging level to DEBUG, and no "ERROR"s or "WARN"s appear in the logs.
- We have event logging turned on, but no attempts at SAML logins are recorded (other flows are listed).
- Under "Authentication → Flows" we are using the default "first broker login". This has worked for us in the past with Google.
- We have created mappers to map the incoming users to the right role.
The only thing in the logs that looks like an error is: "insert into EVENT_ENTITY (CLIENT_ID,DETAILS_JSON,ERROR,IP_ADDRESS,REALM_ID,SESSION_ID,EVENT_TIME,TYPE,USER_ID,ID) values (?,?,?,?,?,?,?,?,?,?)"
We are sort of running out of rocks to look under. Where should we keep looking to try to track this error down? Any advice would be appreciated…
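One place to look that the post does not mention is the SAMLResponse itself: the IdP POSTs it (base64-encoded XML) to the broker endpoint, and it can be copied from the browser's network tab before Keycloak ever sees it. The script below is an added example, not code from the original post or from Keycloak; it decodes a POST-binding SAMLResponse and reports the fields a SAML broker normally validates (Issuer against the IdP entityID, Destination against the broker endpoint, Audience against the SP entityID, NameID presence, Conditions time window, whether a signature element is present, whether the assertion is encrypted). `IDP_ENTITY_ID`, `SP_ENTITY_ID` and `ACS_URL` are placeholders to be replaced with the values from the two metadata documents, and `build_sample_response` constructs a sample response so the script runs offline; it does not verify signatures, which is the broker's job.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml.ElementTree

# Placeholders (assumptions): the IdP entityID from the customer's metadata, and the
# SP entityID / ACS URL that the broker's own metadata advertises.
IDP_ENTITY_ID = "https://idp.customer.example/saml"
SP_ENTITY_ID = "https://sso.example.net/realms/acme"
ACS_URL = "https://sso.example.net/realms/acme/broker/customer-saml/endpoint"
EXPECTED = {"idp_entity_id": IDP_ENTITY_ID, "sp_entity_id": SP_ENTITY_ID, "acs_url": ACS_URL}

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z; None if absent or unparseable."""
    if not value:
        return None
    try:
        return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def summarize(b64_response):
    """Decode a POST-binding SAMLResponse (base64 XML, not deflated) into the fields
    a broker validates. Only signature *presence* is reported, not validity."""
    root = ET.fromstring(base64.b64decode(b64_response))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    s = {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "destination": root.get("Destination"),
        "status": None if status is None else status.get("Value"),
        "response_signed": root.find("ds:Signature", NS) is not None,
        "encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "assertion": None,
    }
    a = root.find("saml:Assertion", NS)
    if a is not None:
        name_id = a.find("saml:Subject/saml:NameID", NS)
        cond = a.find("saml:Conditions", NS)
        s["assertion"] = {
            "issuer": a.findtext("saml:Issuer", default="", namespaces=NS).strip(),
            "signed": a.find("ds:Signature", NS) is not None,
            "name_id": None if name_id is None else (name_id.text or "").strip(),
            "not_before": None if cond is None else cond.get("NotBefore"),
            "not_on_or_after": None if cond is None else cond.get("NotOnOrAfter"),
            "audiences": [(x.text or "").strip() for x in
                          a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
            # attribute names are what the broker mappers key on
            "attributes": {attr.get("Name"): [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
                           for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)},
        }
    return s


def diagnose(b64_response, expected=EXPECTED, now=None):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    now = now or dt.datetime.now(dt.timezone.utc)
    s, out = summarize(b64_response), []
    if s["status"] != SUCCESS:
        out.append(f"IdP returned status {s['status']!r}, not Success")
    if s["issuer"] != expected["idp_entity_id"]:
        out.append(f"Response Issuer {s['issuer']!r} != configured IdP entityID")
    if s["destination"] and s["destination"] != expected["acs_url"]:
        out.append(f"Destination {s['destination']!r} != broker endpoint {expected['acs_url']!r}")
    if s["encrypted"]:
        out.append("Assertion is encrypted: the broker needs the matching decryption key")
    a = s["assertion"]
    if a is None:
        if not s["encrypted"]:
            out.append("No Assertion element in the Response")
        return out
    if not (s["response_signed"] or a["signed"]):
        out.append("Neither Response nor Assertion carries a ds:Signature")
    if a["issuer"] != expected["idp_entity_id"]:
        out.append(f"Assertion Issuer {a['issuer']!r} != configured IdP entityID")
    if a["audiences"] and expected["sp_entity_id"] not in a["audiences"]:
        out.append(f"Audience {a['audiences']} does not include SP entityID {expected['sp_entity_id']!r}")
    if not a["name_id"]:
        out.append("Subject has no NameID, so the broker cannot derive a username")
    nb, noa = parse_ts(a["not_before"]), parse_ts(a["not_on_or_after"])
    if nb and now < nb:
        out.append(f"NotBefore {a['not_before']} is in the future (clock skew?)")
    if noa and now >= noa:
        out.append(f"NotOnOrAfter {a['not_on_or_after']} has passed (clock skew or stale response?)")
    return out


def build_sample_response(audience, not_before="2024-05-01T12:00:00Z", not_on_or_after="2024-05-01T12:05:00Z"):
    """Constructed sample SAMLResponse (placeholder Signature element, not a real signature)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
  ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z" Destination="{ACS_URL}" InResponseTo="_q1">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@customer.example</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="role"><saml:AttributeValue>customer-admin</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()
```

Run `diagnose(<pasted SAMLResponse>)` against a real capture; a non-empty list points at the mismatch to fix on one side of the metadata exchange, and `summarize(...)["assertion"]["attributes"]` shows the exact attribute names the role mappers must match. If the response passes every check here, the remaining suspects are signature validity and certificate configuration, which only Keycloak can tell you about; Keycloak's Quarkus distribution accepts per-category levels on the command line (for example `--log-level=INFO,org.keycloak.saml:debug,org.keycloak.broker.saml:debug`), which is more targeted than a global DEBUG.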