Tags: jwt, keycloak, openid-connect, openid, keycloak-services

Error: Invalid JWT Token while setting up Keycloak external IDP(OIDC)


I have set up an external IDP (PingFederation) in Keycloak (identity provider), in which I have imported the configuration from the xxx.well-known/openid-configuration URL (OIDC setup). After clicking on the SSO option of the application, it authenticates successfully (checked via inspect element) and further validates the token, at which point it throws a 502 error. However, it shows the below error in the logs:

ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-187) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server. error='invalid_client', error_description='Invalid JWT token', error_uri='null'

Also, it would help if anyone could provide documentation related to the mappers to be set while using the OIDC method (IDP: PingFederation).

I tried to enable/tweak certain options on Keycloak but nothing is working. However, the end goal is to authenticate the user via the Keycloak IDP (OIDC setup with PingFederation).


Solution

  • I sorted it out by myself. PFB the configuration and steps for the same:

    Keycloak Configuration:

    1. Login to Keycloak → Identity provider → Add Provider → OpenID Connect v1.0

    2. Set below configuration:

      (screenshot: KC config)

    3. Scroll down to the bottom, put in the URL provided by the customer (the well-known config path), click on Import and then Save.

      (screenshot: import config)

    4. Authentication method: select Client Authentication as "JWT signed with private key"

      (screenshot: Authentication method)

    5. Then you need to enable the JWKS setting in the Clients section for your respective client:

      (screenshot: Client JWKS setting)

    6. Provide the public key to the IDP side (the customer); it is typically located at the below URL:

      https:///auth/realms//protocol/openid-connect/certs

    7. Create mappers:

      Email: the claim name should match the one configured on the IDP side:

      (screenshot: email mapper config)
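As an added diagnostic that is not part of the original answer or of Keycloak: with "JWT signed with private key" (private_key_jwt), Keycloak sends a client_assertion JWT to the IDP token endpoint, and an "Invalid JWT token" reply usually means the IDP cannot match the assertion's key id to the key set it imported from the certs URL, or the assertion's claims do not match what the IDP expects. The script below, standard library only, decodes such an assertion and lists the reasons it would be rejected; it assumes the RFC 7523 claim rules for private_key_jwt, and the key ids, client id and token endpoint are constructed sample values.

```python
import base64
import json
import time

def _b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_client_assertion(assertion, client_id, token_endpoint, jwks, now=None):
    """Return the reasons an IdP would reject this private_key_jwt client assertion.
    Only the header key id and the RFC 7523 claims are checked; the RSA signature
    itself is not verified here (the IdP does that with the key from the JWKS)."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, _sig = assertion.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return ["not a compact JWS of the form header.payload.signature"]
    problems = []
    if header.get("kid") not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append("kid %r is not in the JWKS the IdP holds" % header.get("kid"))
    for claim in ("iss", "sub"):
        if payload.get(claim) != client_id:
            problems.append("%s must equal the client_id" % claim)
    aud = payload.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud must contain the IdP token endpoint")
    if not payload.get("jti"):
        problems.append("jti (unique assertion id) is missing")
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        problems.append("exp is missing or already in the past")
    return problems

def make_unsigned_assertion(header, payload):
    # Constructed sample with a dummy signature, only to exercise the checks above.
    parts = [json.dumps(header).encode(), json.dumps(payload).encode(), b"dummy-sig"]
    return ".".join(_b64url_encode(p) for p in parts)

# Constructed sample: Keycloak signs with "kc-key-2", but the IdP only imported "kc-key-1".
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "kc-key-1", "use": "sig", "alg": "RS256"}]}
SAMPLE_TOKEN_ENDPOINT = "https://idp.example.com/as/token.oauth2"
SAMPLE_ASSERTION = make_unsigned_assertion(
    {"alg": "RS256", "typ": "JWT", "kid": "kc-key-2"},
    {"iss": "my-client", "sub": "my-client", "aud": SAMPLE_TOKEN_ENDPOINT,
     "jti": "c3b1e6", "iat": 1700000000, "exp": 1700000300})
```

Run `check_client_assertion` on an assertion captured from the Keycloak side (or one built with the sample helper) together with the JWKS fetched from the certs URL in step 6; a stale key set after a Keycloak key rotation shows up as the kid mismatch in the sample.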