invalid_request for broker login microsoft


Sébastien

Oct 4, 2021, 2:24:11 PM
to Keycloak User
Hi there,
I have been struggling for a long time trying to configure this provider. While it seems simple, I don't get a very detailed message, thus I don't know where to look.

This is how I configured it:
  1. Deploy KC using the latest 15 Docker version
  2. Create a new Microsoft IDP broker using the official doc: https://www.keycloak.org/docs/latest/server_admin/index.html#microsoft 
  3. Configure my app for SSO with your KC docker
  4. Try to connect to my application using KC
  5. Get redirected to KC login page, click on Microsoft button
  • Get redirected to MS login page
  • Enter a proper email address, you get redirected to KC directly
  • KC displays the following error message:

Unexpected error when authenticating with identity provider

KC logs show the following error:
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-272) invalid_request for broker login microsoft

If anyone was able to configure Azure with Keycloak as an IDP provider, I would be more than happy to know how he did that!


Thanks in advance, any help is welcomed!

Sébastien

Nov 24, 2021, 5:55:16 AM
to Keycloak User
Hi,
Since my message I have tried different things with no luck. Does nobody know how to achieve this configuration?
I must say I am stuck for good :(

Niko Köbler

Nov 24, 2021, 7:29:12 AM
to Keycloak User
How did you configure your Azure AD app integration?
If you use the KC Microsoft "social" provider, you have to use as supported account types "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
The MS social provider has some hard-coded URLs which are only valid if you made the above choice.
For everything else, you'll have to use the generic OIDC broker and configure the properties in detail.
See also my video here, perhaps it will help: https://youtu.be/LYF-NLHD2uQ

Sébastien

Nov 24, 2021, 8:23:58 AM
to Keycloak User
Hi Niko, thank you for having taken the time to help me.
As I said, I used the official doc: https://www.keycloak.org/docs/latest/server_admin/index.html#microsoft to configure my Keycloak instance.

It seems you are using an enterprise version of Azure, for your own users, whereas I would like to allow anyone with a Microsoft account to be able to log in on my KC instance.
(I don't have an Azure paid account BTW)

I just want people with a Microsoft account and not a Facebook one (because FB connector works properly already) to connect.

Thank you in advance for your help.