Hi,
we use Keycloak with an external IDP (Azure). Within Azure, we configure users/groups that should be able to log in. If a user belongs to such a group, the auth flow works as expected. If a user isn't allowed to log in, he gets redirected to Keycloak (1) with an error. Keycloak redirects back to the client application with that error (2):
So far so good. :)
Is it possible to prevent the last redirect to the client application (2) and show a Keycloak error page instead?
We would like to handle any errors from the IDP in Keycloak itself, without involving the client app.
Does anyone have an idea how to achieve that?
Thanks!
Robert