Nonce validation blocking authentication


Jeffrey Heneine

May 4, 2023, 3:31:44 AM
to Keycloak User
I am using Keycloak 19.0.1 and I added Zoho People API as an identity provider.
During authentication, Keycloak is retrieving the authorization code and stopping there. Generation of the access token is not happening due to the missing parameter 'nonce' from the identity provider.
It seems that Zoho People API does not require or support 'nonce' parameter validation and this is blocking the authentication process from continuing.
This is the error shown in the Keycloak logs:
Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: OpenID Provider [oidc] did not return a nonce

Even though this is not recommended, is there a way to disable this validation? (By downgrading Keycloak's version or any other alternative?)

Schuster Sebastian (BD/PAU1)

May 4, 2023, 4:05:25 AM
to Jeffrey Heneine, Keycloak User

There is no OOTB way to do this I am aware of. You could just implement your own Identity Provider.

However, the real cause here is your external IDP that is not following OIDC spec. If possible, you should ask them to fix this as there are reasons why this parameter is in the spec…

 

Best regards,

Sebastian


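The nonce check discussed in this thread, sketched from the relying party's side to show what the parameter protects against (an added example, not Keycloak's code and not from either poster). The function names, the issuer `https://idp.example` and the sample tokens are constructed for illustration; signature, issuer, audience and expiry checks are assumed to have been done already.

```python
import base64
import hmac
import json
import secrets


def new_nonce() -> str:
    """Random value the relying party keeps in the login session and
    sends as the `nonce` parameter of the authorization request."""
    return secrets.token_urlsafe(32)


def id_token_claims(id_token: str) -> dict:
    """Decode the payload segment of a compact JWT.
    Assumption: the signature and other claims were verified before this."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_nonce(id_token: str, session_nonce: str) -> str:
    """Return 'ok', 'missing' or 'mismatch' for the ID token's nonce claim."""
    nonce = id_token_claims(id_token).get("nonce")
    if not isinstance(nonce, str) or not nonce:
        return "missing"   # the case in this thread: provider never echoes it
    if not hmac.compare_digest(nonce.encode(), session_nonce.encode()):
        return "mismatch"  # token was issued for a different login attempt
    return "ok"


def make_token(claims: dict) -> str:
    """Constructed sample token; the signature segment is a placeholder."""
    def seg(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256"}), seg(claims), "sig-placeholder"])


if __name__ == "__main__":
    mine, other_login = new_nonce(), new_nonce()
    base = {"iss": "https://idp.example", "sub": "user-1", "aud": "my-client"}
    print(check_nonce(make_token({**base, "nonce": mine}), mine))
    print(check_nonce(make_token(base), mine))
    print(check_nonce(make_token({**base, "nonce": other_login}), mine))
```

Without the echoed claim, the relying party cannot tell a token minted for the current login attempt from one obtained in another session and replayed into the callback.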