Failed to create fallback key for realm: realm={my-realm} algorithm=dir use=ENC

I integrated Okta Auth0 with Keycloak using the OIDC Identity Provider. I am able to see the “Log In with Auth0” option, but when I click it, “Unexpected error when authenticating with identity provider” appears; on inspecting, I see a 502 Bad Gateway error.


Keycloak logs:

2024-07-16 16:10:41,892 WARN [org.keycloak.events] (executor-thread-28) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="6701c092-16e9-436e-be3c-d9d0889b3f7b", clientId="account-console", userId="null", ipAddress="0:0:0:0:0:0:0:1", error="identity_provider_login_failure", code_id="b5985891-c6ba-4236-bee8-f4e53bb79b94"
2024-07-16 16:11:45,536 ERROR [org.keycloak.keys.DefaultKeyManager] (executor-thread-36) Failed to create fallback key for realm: realm=portal-realm algorithm=dir use=ENC
2024-07-16 16:11:45,537 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-36) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.
at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:446)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:529)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint$quarkusrestinvoker$authResponse_fef2d69ce31937f365a37fb3083f9247bc4c56d2.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.lang.RuntimeException: Failed to find key: realm=portal-realm algorithm=dir use=ENC
at org.keycloak.keys.DefaultKeyManager.getActiveKey(DefaultKeyManager.java:85)
at org.keycloak.broker.oidc.OIDCIdentityProvider.parseTokenInput(OIDCIdentityProvider.java:642)
at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:696)
at org.keycloak.broker.oidc.OIDCIdentityProvider.processAccessTokenResponse(OIDCIdentityProvider.java:263)
at org.keycloak.broker.oidc.OIDCIdentityProvider.extractIdentity(OIDCIdentityProvider.java:549)
at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:397)
… 12 more

2024-07-16 16:11:45,540 WARN [org.keycloak.events] (executor-thread-36) type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="6701c092-16e9-436e-be3c-d9d0889b3f7b", clientId="account-console", userId="null", ipAddress="0:0:0:0:0:0:0:1", error="identity_provider_login_failure", code_id="b5985891-c6ba-4236-bee8-f4e53bb79b94"

The configurations are correct, as I have checked the endpoints carefully. Can you give me a solution to troubleshoot this, ASAP?


We are facing the same issue.
It seems like the issue is happening for the following reason:
org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.

Do you have any suggestion on this?

Hello! I just ran into this today and found that choosing “Keycloak OpenID Connect” on setup was wrong. When I used all of the same settings in a new identity provider, but this time chose “OpenID Connect v1.0” in the dropdown on create, it worked.

This issue was occurring for me when the advanced “Access Token is JWT” option is enabled. Turning that off solved this problem (but means that I can’t access the claims from the access token, which I want to be able to do).
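The trace earlier in the thread ends with Keycloak looking up a decryption key (use=ENC, algorithm=dir) inside validateToken, which is consistent with the broker being told the access token is a JWT while what Auth0 returns is not a plain signed JWT. As an added example (not code from this thread or from Keycloak), the following Python classifies a token returned by an identity provider as compact JWS, compact JWE or opaque, so you can check locally which kind you are actually getting before enabling “Access Token is JWT”; the sample tokens are constructed and contain no real credentials.

```python
import base64
import json


def _b64url_encode(data: bytes) -> str:
    """base64url without padding, as JOSE compact serialization uses."""
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JOSE strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def classify_token(token: str) -> dict:
    """Return {"kind": "jws"|"jwe"|"opaque", "header": dict|None}.

    A compact JWS has 3 base64url segments and a compact JWE has 5; anything
    else, or a first segment that is not a JSON header with "alg", is opaque.
    """
    parts = token.split(".")
    if len(parts) not in (3, 5):
        return {"kind": "opaque", "header": None}
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return {"kind": "opaque", "header": None}
    if not isinstance(header, dict) or "alg" not in header:
        return {"kind": "opaque", "header": None}
    return {"kind": "jws" if len(parts) == 3 else "jwe", "header": header}


def access_token_is_jwt_advisable(token: str) -> bool:
    """Only a signed JWS can be validated by the broker as a JWT; for a JWE
    or an opaque token, leave the option off and rely on the userinfo call."""
    return classify_token(token)["kind"] == "jws"


# Constructed sample tokens (not real credentials): a JWS with a fake
# signature, a direct-encryption JWE with fake segments, and an opaque string.
SAMPLE_JWS = ".".join([
    _b64url_encode(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url_encode(b'{"sub":"auth0|123","aud":"https://api.example.com"}'),
    _b64url_encode(b"fake-signature"),
])
SAMPLE_JWE = ".".join([
    _b64url_encode(b'{"alg":"dir","enc":"A256GCM"}'),
    "",  # encrypted-key segment is empty for alg=dir
    _b64url_encode(b"fake-iv"),
    _b64url_encode(b"fake-ciphertext"),
    _b64url_encode(b"fake-tag"),
])
SAMPLE_OPAQUE = "v1.opaqueAuth0AccessToken"
```

Paste the access token your IdP returned (for instance from a manual token-endpoint call) in place of the samples; a "jwe" or "opaque" result means the broker cannot treat it as a JWT.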