This is the codeAbility Sharing Platform! Learn more about the codeAbility Sharing Platform.

Skip to content
Snippets Groups Projects

KeyCloak Encountered Problems

Last edited by Adrian Bracher

InvalidFederatedIdentityActionMessage

Description:

When logging in at oeresource or the sharing platform via Keycloak / TU Wien Identity Provider we see InvalidFederatedIdentityActionMessage, and cannot proceed. Screenshot_2024-04-22_at_14.37.52

Cause:

The identity providers' X509 certificate expired.

Solution:

  1. Download the current SAML entity from https://idp.zid.tuwien.ac.at/saml2. For other identity providers see https://eduid.at/entities/idp/
  2. Go to the keycloak admin console
  3. Navigate to Identity Providers (left sidebar)
  4. Choose Vienna University of Technology
  5. Scroll to Validating X509 Certificates
  6. Insert X509 certificate from SAML entity and click save

"500 Internal Server Error" @ TU Wien Identity Provider (ZID)

Description:

When logging out at oeresource, the user is not correctly redirected back, but sees a vague "500 Internal Server Error" and is stuck at the identity providers' site. Screenshot_2024-04-22_at_14.53.21

Cause:

In our case, the single logout endpoint was not passed on to the identity provider correctly.

Solution:

  1. Go to the keycloak admin console
  2. Navigate to Identity Providers (left sidebar)
  3. Choose Vienna University of Technology
  4. Enable "backchannel logout" and save

Screenshot_2024-04-22_at_14.58.25