Login Flow Cycles Until It Fails

I had an issue with Azure SSO login. I’m posting the problem and solution in case someone else searches for the issue. The logs were not helpful.

The issue happened when trying to log in as a user that was in Azure SSO but was not yet a user of keycloak. Azure would redirect correctly and keycloak would cycle through endpoints (authorize, endpoint, first-broker-login) until eventually giving up.

The issue was that the Authorization Flow did not take into consideration what to do with new users. For me it was fixed by simply adding a “Create User If Unique” step in the flow that this Azure SSO was using.


```
2023-06-06 18:43:35,766 WARN  [org.keycloak.services.resources.IdentityBrokerService] (executor-thread-5) Nested first broker flow detected: Sales360_Comcast_Login -> MY_IDP_ALIAS
2023-06-06 18:43:36,627 WARN  [org.keycloak.services.resources.IdentityBrokerService] (executor-thread-5) Nested first broker flow detected: Sales360_Comcast_Login -> MY_IDP_ALIAS
2023-06-06 18:43:37,317 WARN  [org.keycloak.services.resources.IdentityBrokerService] (executor-thread-5) Nested first broker flow detected: Sales360_Comcast_Login -> MY_IDP_ALIAS
2023-06-06 18:43:38,484 ERROR [org.keycloak.services.resources.IdentityBrokerService] (executor-thread-5) unexpectedErrorHandlingRequestMessage: javax.ws.rs.WebApplicationException: HTTP 200 OK
        at org.keycloak.services.resources.IdentityBrokerService.parseSessionCode(IdentityBrokerService.java:1083)
        at org.keycloak.services.resources.IdentityBrokerService.performLogin(IdentityBrokerService.java:375)
```
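The check below is an added example, not code from the original post or from the Keycloak project. It audits the first-broker-login flow an identity provider is bound to and reports whether an enabled “Create User If Unique” step (Keycloak authenticator provider id `idp-create-user-if-unique`) is present, which is the condition the post above found missing. The two execution lists are constructed sample data shaped like the Admin REST API's `GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions` response; the optional `fetch_first_broker_executions` helper assumes that endpoint and `GET /admin/realms/{realm}/identity-provider/instances/{alias}` (with `firstBrokerLoginFlowAlias` in the reply) and a bearer token you obtain separately, and the base URL (with or without the legacy `/auth` prefix) is yours to supply.

```python
"""Audit a Keycloak first-broker-login flow for a step that can create brokered users.

Added example (not from the post or Keycloak). Pure functions operate on the
execution list the Admin REST API returns; the fetch helper is optional.
"""
import json
import urllib.parse
import urllib.request

# Keycloak authenticator provider id behind the "Create User If Unique" step.
CREATE_USER_PROVIDER = "idp-create-user-if-unique"


def find_user_creation_steps(executions):
    """Return executions that create new brokered users and are not DISABLED."""
    hits = []
    for ex in executions:
        # Sub-flow headers carry authenticationFlow=True and no providerId.
        if ex.get("authenticationFlow"):
            continue
        if ex.get("providerId") != CREATE_USER_PROVIDER:
            continue
        if ex.get("requirement", "DISABLED") == "DISABLED":
            continue
        hits.append(ex)
    return hits


def flow_creates_new_users(executions):
    """True when at least one enabled user-creation step exists in the flow."""
    return bool(find_user_creation_steps(executions))


def describe(executions):
    """Human-readable audit line for an operator."""
    steps = find_user_creation_steps(executions)
    if steps:
        return "OK: %d enabled user-creation step(s): %s" % (
            len(steps), ", ".join(s.get("displayName", "?") for s in steps))
    return ("MISSING: no enabled 'Create User If Unique' step; "
            "first logins of unknown users will not be able to create an account")


def fetch_first_broker_executions(base_url, realm, idp_alias, token):
    """Resolve the IdP's first-broker-login flow and fetch its executions.

    Assumed Admin REST API paths (requires a bearer token with realm admin rights).
    """
    def get(path):
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)

    idp = get("/admin/realms/%s/identity-provider/instances/%s"
              % (urllib.parse.quote(realm), urllib.parse.quote(idp_alias)))
    flow_alias = idp["firstBrokerLoginFlowAlias"]
    return get("/admin/realms/%s/authentication/flows/%s/executions"
               % (urllib.parse.quote(realm), urllib.parse.quote(flow_alias)))


# Constructed sample data: a flow like the one in the post, before the fix.
BROKEN_FLOW = [
    {"id": "e1", "displayName": "Review Profile", "requirement": "REQUIRED",
     "providerId": "idp-review-profile", "level": 0, "index": 0},
    {"id": "e2", "displayName": "Handle Existing Account", "requirement": "ALTERNATIVE",
     "authenticationFlow": True, "level": 0, "index": 1},
    {"id": "e3", "displayName": "Confirm link existing account", "requirement": "REQUIRED",
     "providerId": "idp-confirm-link", "level": 1, "index": 0},
]

# Constructed sample data: the same flow after adding "Create User If Unique".
FIXED_FLOW = BROKEN_FLOW[:1] + [
    {"id": "e4", "displayName": "Create User If Unique", "requirement": "ALTERNATIVE",
     "providerId": CREATE_USER_PROVIDER, "level": 0, "index": 1},
] + BROKEN_FLOW[1:]


if __name__ == "__main__":
    print("before:", describe(BROKEN_FLOW))
    print("after: ", describe(FIXED_FLOW))
```

Run it against a live realm by calling `fetch_first_broker_executions(base_url, realm, idp_alias, token)` and passing the result to `describe`; a step that exists but is set to DISABLED is reported as missing on purpose, since a disabled authenticator behaves exactly like an absent one for a first-time user.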