SharePoint Subscription Edition and OpenID Connect Feature with Keycloak

Hasan Köroğlu 46 Reputation points
2022-01-07T07:48:09.127+00:00

Hi all,

I'm trying the OpenID Connect feature of SharePoint Server Subscription Edition with Keycloak, but I get some errors. There is not much documentation or support on the internet about this subject. Can somebody guide me about this situation or give me an idea? My ULS logs are as below:

STS Call: Failed to issue new security token. Exception: 'System.IdentityModel.Tokens.SecurityTokenException: Validate signature failure : no found matched security key for token signature.
at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(String tokenString, TokenValidationParameters validationParameters, SecurityToken& token)
at Microsoft.SharePoint.IdentityModel.SPOpenIDSecurityTokenHandlerV2.ValidateToken(SecurityToken token)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenRequestContextV2..ctor(ClaimsIdentity identity, RequestSecurityToken request, Boolean initializeForActor, SPSecurityTokenRequestTypeV2 overrideRequestType)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceV2.Issue(ClaimsPrincipal principal, RequestSecurityToken request)'.

SPSecurityContext: Request for security token failed with exception. Exception: 'System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)'.

An exception occurred when trying to issue security token: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs..

Claims Saml Sign-In: Could not get local token for trusted third party token. FaultException: 'System.ServiceModel.FaultException: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)
at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'. Stack: '
at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForOnBehalfOfContext(Uri context, SecurityToken onBehalfOf)
at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModuleV2.ExchangeArgumentTrustedThirdPartySessionSecurityTokenForLocalToken(SecurityToken thirdPartyToken, SessionSecurityTokenCreatedEventArgs arguments)'.

Microsoft 365 and Office | SharePoint Server | For business
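The first ULS entry above ("no found matched security key for token signature") is SharePoint's token handler saying that the `kid` in the ID token header did not select any key it trusts. The check below is an added diagnostic, not code from the thread or from Microsoft; the token header and key set are constructed samples, and it assumes that the relying party's trusted key set is available as a JWKS document (for SharePoint SE that is the signing certificate registered on the trusted identity token issuer; for Keycloak the realm's published keys).

```python
"""Added diagnostic: does the ID token's signing key appear in the key set the
relying party trusts? All sample data below is constructed, not real output."""
import base64
import json
from typing import Optional, Tuple


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token: str) -> dict:
    # Only the header is inspected; this function does not verify the signature
    return json.loads(_b64url_decode(token.split(".")[0]))


def find_signing_key(token: str, jwks: dict) -> Tuple[str, Optional[dict]]:
    """Return (reason, key): key is the JWKS entry that should verify the token,
    or None with a reason that mirrors why a relying party would reject it."""
    header = jwt_header(token)
    kid, alg = header.get("kid"), header.get("alg")
    if kid is None:
        return "token header has no kid; the relying party cannot select a key", None
    for key in jwks.get("keys", []):
        if key.get("kid") != kid:
            continue
        if key.get("use", "sig") != "sig":
            return f"key {kid} is not a signing key (use={key['use']})", None
        if "alg" in key and key["alg"] != alg:
            return f"key {kid} found but its alg {key['alg']} != token alg {alg}", None
        return "ok", key
    return f"no trusted key with kid {kid} (rotated key, wrong realm, or stale cert?)", None


def make_token(header: dict) -> str:
    # Constructed token with a dummy payload and signature; only the header matters here
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'user'})}.dummysig"


# Constructed trusted key set: one RSA signing key, as a relying party would hold it
TRUSTED_JWKS = {"keys": [{"kty": "RSA", "kid": "rp-configured-key", "use": "sig",
                          "alg": "RS256", "n": "constructed-modulus", "e": "AQAB"}]}

if __name__ == "__main__":
    for hdr in ({"alg": "RS256", "kid": "rp-configured-key"},
                {"alg": "RS256", "kid": "idp-rotated-key"},
                {"alg": "RS256"}):
        print(find_signing_key(make_token(hdr), TRUSTED_JWKS)[0])
```

When the `kid` of a token actually issued by Keycloak is not in the set SharePoint was configured with, the fix is on the trust configuration side (re-register the current signing certificate), not in the token.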

1 answer

  1. Yi Lu_MSFT 17,616 Reputation points
    2022-01-10T09:52:16.233+00:00

    Dear @Hasan Köroğlu
    This problem is really complicated. It is hard to troubleshoot this issue via the community; we suggest you open a ticket with Microsoft for further help.

    Have a nice day!

    Thanks,
    Lu Yi


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

