Troubleshooting
This section provides troubleshooting strategies and the solutions for common errors.
Authentication failure - Unexpected error
Possible causes
In SAS, with external IDP redirection functionality, if authentication is invalidated and error message is displayed. This is probably because no mapper is added on external IDP or the mapper value is incorrect.
Solution
In IDP redirection, after authentication on external IDP, the control redirects to SAS IDP, then claim verification happens.
For claim validation, you need to add mapper on external IDP client. the mapper addition process is unique for every IDP.
To add a new mapper in Keycloak server, go to Client > Client ID > Mappers.
Authentication failure - Unable to Verify account
Possible causes
After new installation of SAS, there can be a time out issue during initial call to SAS API for user validation, which might gives error message in keycloak logs with "SAS API is down".
Solution
The issue is related to timeout. Browse the SAS API url. For example: http(s):<sas-server-ip>:<port>/SAS
While validating the application for the first time through Keycloak, time is consumed to send response and in that period Keycloak gets time out.
Therefore, it is observed once the SAS API url is browsed, the validation starts passing.
Uninstall - Providers Removal issue
Possible causes
After uninstalling Keycloak Agent or removing the providers, Keycloak server build fails with an error - Not able to find token-validator-adapter-jar-with-dependencies.jar.
Solution
-
Download/Unzip Keyclock server(version 22.0.5).
-
Copy
quarkus-application.datfile from a newly downloaded Keycloak server folder and replace it with the existing Keycloak serverquarkus-application.datfile. -
Try to build Keycloak server.
Note
The path of quarkus-application.dat file is:
{keycloakDirectory}\keycloak-22.0.5\lib\quarkus\quarkus-application.dat
