OpenID Connect bad response
I have seen a few posts here and there regarding this, but none appear to have a solution for me.
I am attempting to implement Keycloak as our authentication provider in our organization-wide Salesforce environment. I have an authentication provider set up in Salesforce and a client established in the authentication provider. I open my browser and load the test endpoint from the Salesforce authentication provider setup screen. This redirects me to the auth provider to log in. Upon successful login, I get a response from the authentication provider with my state and code. The next endpoint loaded is the error URL from the auth provider configuration within Salesforce with three parameters:
* ErrorCode=No_Openid_Response
* ErrorDescription=Bad+response
* ProviderId={{The ID of the Auth config in SF}}
Everything I'm seeing about the auth response looks correct; I have tried to decode the message to see if there is anything malformed but I haven't been successful in decoding.
I've seen other posts confirming their issue is a self-signed certificate. I've verified the certificate authority on the auth provider is an 'allowed' authority.
The issue appears to be Salesforce rejecting the auth response, but I'm not sure how to debug this let alone solve this.
* Consumer Key and Secret removed
callback url: https://test.salesforce.com/services/authcallback/00D29000000DXnCEAW/MBO_Keycloak_Dev
Which is what's being sent back:
https://test.salesforce.com/services/authcallback/00D29000000DXnCEAW/MBO_Keycloak_Dev?state={{Redacted}}&code={{Redacted}}
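
Added example, not part of the original post: in the authorization code flow the browser redirect carries only `state` and `code`, so the provider's real answer is the token endpoint response that the relying party fetches server-side. Assuming that response body has been captured, this Python helper decodes the ID token without verifying its signature and lists structural problems; the issuer URL, client ID and sample token are constructed for illustration.

```python
import base64, json, time

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect_token_response(body, expected_issuer, client_id, now=None):
    """List problems in a token endpoint response. Signature is NOT verified."""
    now = time.time() if now is None else now
    try:
        resp = json.loads(body)
    except ValueError:
        return ["response body is not JSON"]
    token = resp.get("id_token") if isinstance(resp, dict) else None
    if not isinstance(token, str):
        return ["no id_token in response (is the 'openid' scope requested?)"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["id_token is not a three-part JWS"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segment is not a JSON object")
    except ValueError:
        return ["id_token header or payload is not base64url-encoded JSON"]
    problems = []
    if header.get("alg") in (None, "none"):
        problems.append("id_token is unsigned")
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud does not contain client_id: {aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("id_token expired or exp missing")
    if not claims.get("sub"):
        problems.append("missing sub claim")
    return problems

def make_sample_response(claims):
    """Build a constructed token response; the signature part is a dummy."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return json.dumps({"access_token": "constructed", "token_type": "Bearer",
                       "id_token": f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"})

if __name__ == "__main__":
    # Constructed values: hypothetical issuer and client ID, not from the post.
    ISSUER, CLIENT = "https://keycloak.example.test/realms/demo", "salesforce-demo"
    bad = {"iss": ISSUER, "aud": "account", "sub": "u1", "exp": 4102444800}
    print(inspect_token_response(make_sample_response(bad), ISSUER, CLIENT))
```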