Failed to create fallback key for realm: realm={my-realm} algorithm=dir use=ENC

I integrated Okta Auth0 with Keycloak using an OIDC Identity Provider. I am able to see the "Log in with Auth0" option, but when I click it, "Unexpected error when authenticating with identity provider" appears; on inspecting, I see a 502 Bad Gateway error:


Keycloak logs:

2024-07-16 16:10:41,892 WARN [org.keycloak.events] (executor-thread-28) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="6701c092-16e9-436e-be3c-d9d0889b3f7b", clientId="account-console", userId="null", ipAddress="0:0:0:0:0:0:0:1", error="identity_provider_login_failure", code_id="b5985891-c6ba-4236-bee8-f4e53bb79b94"
2024-07-16 16:11:45,536 ERROR [org.keycloak.keys.DefaultKeyManager] (executor-thread-36) Failed to create fallback key for realm: realm=portal-realm algorithm=dir use=ENC
2024-07-16 16:11:45,537 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-36) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:446)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:529)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint$quarkusrestinvoker$authResponse_fef2d69ce31937f365a37fb3083f9247bc4c56d2.invoke(Unknown Source)
    at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
    at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
    at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
    at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
    at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
    at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
    at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.lang.RuntimeException: Failed to find key: realm=portal-realm algorithm=dir use=ENC
    at org.keycloak.keys.DefaultKeyManager.getActiveKey(DefaultKeyManager.java:85)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.parseTokenInput(OIDCIdentityProvider.java:642)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:696)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.processAccessTokenResponse(OIDCIdentityProvider.java:263)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.extractIdentity(OIDCIdentityProvider.java:549)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:397)
    ... 12 more

2024-07-16 16:11:45,540 WARN [org.keycloak.events] (executor-thread-36) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="6701c092-16e9-436e-be3c-d9d0889b3f7b", clientId="account-console", userId="null", ipAddress="0:0:0:0:0:0:0:1", error="identity_provider_login_failure", code_id="b5985891-c6ba-4236-bee8-f4e53bb79b94"

The configurations are correct, as I have checked the endpoints carefully. Can you give me a solution to troubleshoot this, ASAP?


We are facing the same issue.
It seems like the issue is happening for the following reason:
org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.

Do you have any suggestions on this?

Hello! I just ran into this today and found that choosing "Keycloak OpenID Connect" on setup was wrong. When I used all of the same settings in a new identity provider, but this time chose "OpenID Connect v1.0" in the dropdown on create, it worked.
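An added example, not code from the thread, from Keycloak, or from Auth0. The failing lookup in the log above is for a realm key with use=ENC and algorithm=dir; in JOSE terms, "dir" is the direct symmetric key-management algorithm of a JWE, and a use=enc key is the kind a recipient needs to decrypt one, which suggests the broker was trying to treat the upstream token as encrypted. Before switching provider types it helps to see what the upstream IdP actually hands back. The hypothetical diagnostic below assumes nothing about either provider beyond the JOSE compact-serialization layout (three segments for a signed JWS, five for an encrypted JWE, anything else opaque) and reports whether the token would need a decryption key at all. The sample tokens are constructed inline so it runs offline; paste a real ID or access token into `describe()` to check your own setup.

```python
"""Classify a token returned by an upstream OIDC provider before a broker
tries to validate it. Hypothetical diagnostic, not part of Keycloak.

Only the JOSE compact-serialization layout is relied on: a signed token
(JWS) has three base64url segments, an encrypted token (JWE) has five, and
anything else is an opaque reference token that cannot be parsed locally.
Only a JWE forces the consuming side to look up a decryption key (JWK use
"enc"); with key-management alg "dir" that key must be a symmetric
content-encryption key already held by the recipient.
"""
import base64
import hashlib
import hmac
import json
import os


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JOSE strips padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def classify_token(token: str) -> dict:
    """Return the token kind and the header fields that drive key lookup."""
    parts = token.split(".")
    try:
        if len(parts) == 3:
            header = json.loads(_b64url_decode(parts[0]))
            return {
                "kind": "jws",
                "alg": header.get("alg"),
                "kid": header.get("kid"),
                "needs_enc_key": False,
            }
        if len(parts) == 5:
            header = json.loads(_b64url_decode(parts[0]))
            return {
                "kind": "jwe",
                "alg": header.get("alg"),
                "enc": header.get("enc"),
                # Any JWE needs a use=enc key on the recipient side.
                "needs_enc_key": True,
            }
    except (ValueError, AttributeError):
        # Not base64url, not JSON, or the header is not a JSON object:
        # treat as opaque rather than guessing.
        pass
    return {"kind": "opaque", "alg": None, "needs_enc_key": False}


def describe(token: str) -> str:
    """One-line diagnosis of what a broker must do with this token."""
    info = classify_token(token)
    if info["kind"] == "jws":
        return (f"signed JWT (alg={info['alg']}, kid={info['kid']}): "
                "verify against the issuer's JWKS")
    if info["kind"] == "jwe":
        return (f"encrypted JWE (alg={info['alg']}, enc={info['enc']}): "
                f"recipient needs a use=enc key for alg={info['alg']}")
    return ("opaque token: cannot be parsed locally; only usable against "
            "the issuer's userinfo or introspection endpoint")


# --- constructed sample inputs (not real Auth0 or Keycloak tokens) ---

def make_sample_jws(secret: bytes = b"constructed-test-secret") -> str:
    """HS256-signed JWT built inline so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT", "kid": "k1"}).encode())
    payload = _b64url_encode(json.dumps({"iss": "https://idp.example", "sub": "user-1"}).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def make_sample_jwe() -> str:
    """Five-segment JWE shell with alg=dir; the ciphertext is random filler,
    since only the structure and header matter for classification."""
    header = _b64url_encode(json.dumps({"alg": "dir", "enc": "A256GCM"}).encode())
    encrypted_key = ""  # empty for alg=dir (RFC 7516)
    iv = _b64url_encode(os.urandom(12))
    ciphertext = _b64url_encode(os.urandom(32))
    tag = _b64url_encode(os.urandom(16))
    return ".".join([header, encrypted_key, iv, ciphertext, tag])


SAMPLE_OPAQUE = "ZxgFqk7l2Hn0TqC9vYjPbRdWm4aE1sK"  # constructed opaque token


if __name__ == "__main__":
    for t in (make_sample_jws(), make_sample_jwe(), SAMPLE_OPAQUE):
        print(describe(t))
```

If a real upstream token classifies as "jws" or "opaque", no realm encryption key should be involved in consuming it, and the key lookup in the log points at how the chosen provider type handles the response rather than at the endpoints you configured.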