RH-SSO fails after renaming a client ID

Solution Verified

Issue

  • After a client was renamed in the RH-SSO admin console, the whole application started failing with the error message: "Unexpected error when handling authentication request to identity provider".
  • None of the registered clients were able to perform the login; all of them displayed the error above.
  • In the logs, we saw an error that said "Can't found requested client with clientId: OriginalClientID" (the old client ID):
ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] Failed to make identity provider oauth callback: org.keycloak.models.ModelException: Can't found requested client with clientId: OriginalClientID
    at org.keycloak.keycloak-ldap-federation@9.0.10.redhat-00001//org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.getTargetRoleContainer(RoleLDAPStorageMapper.java:241)
    at org.keycloak.keycloak-ldap-federation@9.0.10.redhat-00001//org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper$LDAPRoleMappingsUserDelegate.<init>(RoleLDAPStorageMapper.java:327)
    at org.keycloak.keycloak-ldap-federation@9.0.10.redhat-00001//org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper.proxy(RoleLDAPStorageMapper.java:296)
    at org.keycloak.keycloak-ldap-federation@9.0.10.redhat-00001//org.keycloak.storage.ldap.LDAPStorageProvider.proxy(LDAPStorageProvider.java:195)
    at org.keycloak.keycloak-ldap-federation@9.0.10.redhat-00001//org.keycloak.storage.ldap.LDAPStorageProvider.validate(LDAPStorageProvider.java:153)
    at org.keycloak.keycloak-services@9.0.10.redhat-00001//org.keycloak.storage.UserStorageManager.importValidation(UserStorageManager.java:322)
    at org.keycloak.keycloak-services@9.0.10.redhat-00001//org.keycloak.storage.UserStorageManager.getUserByFederatedIdentity(UserStorageManager.java:434)
    at org.keycloak.keycloak-model-infinispan@9.0.10.redhat-00001//org.keycloak.models.cache.infinispan.UserCacheSession.getUserByFederatedIdentity(UserCacheSession.java:429)
    at org.keycloak.keycloak-services@9.0.10.redhat-00001//org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:549)
    at org.keycloak.keycloak-services@9.0.10.redhat-00001//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:484)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566) 
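
The trace above fails in RoleLDAPStorageMapper.getTargetRoleContainer while looking up a client by its client ID, so a useful check after any rename is to list LDAP role mappers that still point at a client ID that no longer exists. The following is an added example, not code from this article or from Red Hat; it runs over a realm export loaded as JSON. Assumptions: the export layout (components with nested subComponents), the providerId "role-ldap-mapper", and the config keys "client.id" and "use.realm.roles.mapping"; the sample realm is constructed.

```python
# Constructed sample in the assumed shape of a realm export (not from the article).
SAMPLE_REALM = {
    "realm": "demo",
    "clients": [{"clientId": "RenamedClientID"}, {"clientId": "account"}],
    "components": {"org.keycloak.storage.UserStorageProvider": [{
        "name": "ldap", "providerId": "ldap",
        "subComponents": {"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
            {"name": "app-roles", "providerId": "role-ldap-mapper",
             "config": {"use.realm.roles.mapping": ["false"],
                        "client.id": ["OriginalClientID"]}},
            {"name": "account-roles", "providerId": "role-ldap-mapper",
             "config": {"use.realm.roles.mapping": ["false"],
                        "client.id": ["account"]}},
            {"name": "realm-roles", "providerId": "role-ldap-mapper",
             "config": {"use.realm.roles.mapping": ["true"]}},
        ]},
    }]},
}

def first(config, key, default=None):
    """Component config values are exported as single-element lists."""
    values = config.get(key) or [default]
    return values[0]

def walk_components(components):
    """Yield every component, descending into nested subComponents."""
    for group in (components or {}).values():
        for comp in group:
            yield comp
            yield from walk_components(comp.get("subComponents"))

def dangling_role_mappers(realm):
    """Return (mapper name, client.id) for role mappers whose client is missing."""
    known = {c["clientId"] for c in realm.get("clients", [])}
    findings = []
    for comp in walk_components(realm.get("components")):
        if comp.get("providerId") != "role-ldap-mapper":
            continue
        cfg = comp.get("config", {})
        # Mappers that target realm roles never look up a client.
        if str(first(cfg, "use.realm.roles.mapping", "true")).lower() == "true":
            continue
        client_id = first(cfg, "client.id")
        if client_id not in known:
            findings.append((comp.get("name"), client_id))
    return findings

if __name__ == "__main__":
    for name, client_id in dangling_role_mappers(SAMPLE_REALM):
        print(f"mapper {name!r} references missing client {client_id!r}")
```

To run it against a real export, load the file with json.load and pass the resulting realm object to dangling_role_mappers.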

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.4.4
