
Actually I am doing setup of an identity provider using OIDC, following this documentation. After authentication with the external provider I'm getting the below error for post-broker-login.

{"error":"invalid_request","error_description":"Missing parameter: username"}

and I'm thinking that the issue is with the returned data from the external provider. The external provider's userinfo endpoint is not returning any username, instead returning email. So I tried to configure a mapper to claim email as username, as you can see in the screenshot. Can anyone please help me out?


When I traced the Keycloak log I got the below:

06:52:04,179 WARN  [org.keycloak.events] (default task-5) type=IDENTITY_PROVIDER_POST_LOGIN_ERROR, realmId=Calipressed-1, clientId=account-console, userId=null, ipAddress=172.17.0.1, error=user_not_found, identity_provider=zaikio, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8080/auth/realms/demo/account/#/, identity_provider_identity=test@testing.com, code_id=8f2e65c-a612-4982-8370-e9a243668e61, authSessionParentId=8f2e65cd-a612-4982-8370-e9a243668e6, authSessionTabId=5L1mxMCoEZ

Update:

When I set both flows as browser, it first authenticates with the external IdP and then redirects to the post-broker-login page (Keycloak), and when I try to log in with the same username and password it throws the error Invalid username or password.

Ritesh Khatri

1 Answer


In the Identity Provider Configuration set the field First Login Flow to 'first broker login' and leave the Post Login Flow field empty (unless you really need additional verification of each user authenticated with that IDP).

Additionally, you can also try to create, in the Identity Provider configuration, a Mapper of type Username Template Importer.

In the template field you can use: ${CLAIM.email}, and for the target field you can use LOCAL.

dreamcrash
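The same configuration as the answer describes, expressed as a Keycloak realm partial-import fragment (an added example, not taken from the question or the answer above). Only the provider alias zaikio comes from the question's log; the endpoint URLs, client credentials, scope and mapper name are placeholders to be replaced. The empty postBrokerLoginFlowAlias is what "leave the Post Login Flow field empty" looks like in an export, and oidc-username-idp-mapper is the provider id behind the Username Template Importer entry in the admin console.

```json
{
  "identityProviders": [
    {
      "alias": "zaikio",
      "providerId": "oidc",
      "enabled": true,
      "firstBrokerLoginFlowAlias": "first broker login",
      "postBrokerLoginFlowAlias": "",
      "config": {
        "clientId": "REPLACE_WITH_CLIENT_ID",
        "clientSecret": "REPLACE_WITH_CLIENT_SECRET",
        "authorizationUrl": "https://idp.example.test/oauth/authorize",
        "tokenUrl": "https://idp.example.test/oauth/token",
        "userInfoUrl": "https://idp.example.test/userinfo",
        "defaultScope": "openid email"
      }
    }
  ],
  "identityProviderMappers": [
    {
      "name": "email-as-username",
      "identityProviderAlias": "zaikio",
      "identityProviderMapper": "oidc-username-idp-mapper",
      "config": {
        "template": "${CLAIM.email}",
        "target": "LOCAL"
      }
    }
  ]
}
```

With target LOCAL the rendered template becomes the Keycloak username of the linked local user, so on first broker login the user is created as test@testing.com instead of failing with user_not_found.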