Error logging in to Windows (Federated 'web' sign-in) with Keycloak through Intune.

Stan Nieuwmans 0 Reputation points
2023-05-04T18:13:15.76+00:00

See source of the new function Microsoft added: https://learn.microsoft.com/en-us/education/windows/federated-sign-in?tabs=intune

Hi all,

I'm trying to set up federated single sign-on (SSO) for my organization's Office 365 accounts using Keycloak and Intune. I've followed the steps outlined in the documentation, and I'm able to successfully log in to Office.com with my Keycloak credentials when I access it through a browser.

However, when I try to log in on my Windows machine, I get an error message saying "Something went wrong. Please wait a bit, then try again."

I've confirmed that my Windows device is enrolled in Intune and that the necessary policies for SSO are set up correctly.

Configured policies:

| Name | OMA-URI | Data type | Value |
|---|---|---|---|
| EnableWebSignInForPrimaryUser | ./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser | Integer | 1 |
| ConfigureWebSignInAllowedUrls | ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls | String | sso.example.com |
| IsEducationEnvironment | ./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment | Integer | 1 |
| ConfigureWebCamAccessDomainNames | ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames | String | sso.example.com |

The event viewer recorded an error message with the code "0xC000000D" at the same time I experienced the login error. The error message indicates that there was an issue with the "AAD Cloud AP plugin call GenericCallPkg".

I am running this on a VM installed with Windows 11 Education version 22H2 with KB5022913 as stated in the documentation.

Can anyone offer any insight into what might be causing this error and how I can resolve it?

Thanks in advance for your help!

Stan

Some screenshots of the flow:



2 answers

  1. Limitless Technology 44,751 Reputation points
    2023-05-05T18:15:37.09+00:00

    Hello,

    One of the most common issues in this scenario is that the SCCM Agent is still present on the machine. I would recommend removing it by following the next steps:

    You can use the following methods:

    -Remove using CCMSETUP:

    Run the command prompt as administrator.

    Change the path to client agent location – C:\Windows\ccmsetup.

    Run the command ccmsetup.exe /uninstall.

    Go to C:\Windows\ccmsetup\Logs and open ccmsetup.log file to monitor the client uninstallation.

    Restart your computer after you uninstall the client agent.

    --If the reply is helpful, please Upvote and Accept as answer--


  2. Anonymous
    2023-05-07T10:09:09.3633333+00:00

    It’s a big preview right now. I wouldn’t use it for production. You’re not doing anything wrong. It’s hit and miss; it works and breaks with different updates.

    Also, I don’t think they have the solution for offline login yet either.
