ERR905: You need to specify a serial or a user

I want to integrate privacyIDEA in Keycloak.
Keycloak is installed and I can authenticate from Nextcloud against it.

I installed the privacyIDEA Plugin in Keycloak following this documentation
https : // www .privacyidea .org/versatile-2fa-single-sign-on-with-keycloak-and-privacyidea/

When I now login in Nextcloud I klick on ‘login with keycloak’ and enter username and passwort. Then I get a new Screen to enter the OTP.
After entering the OTP I get ‘Authentication failed.’

In the Keycloak log I see

2021-06-19 14:09:38,522 INFO  [org.privacyidea.authenticator.PrivacyIDEAAuthenticator] (OkHttp http ://mfa .domain .tld/...) /validate/check:
{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "error": {
      "code": 905,
      "message": "ERR905: You need to specify a serial or a user."
    },
    "status": false
  },
  "time": 1624111778.4443033,
  "version": "privacyIDEA 3.5.1",
  "signature": "rsa_sha256_pss:9a56b7..."
}

In the Apache log on the privacyIDEA server I get

400 "GET /validate/check HTTP/1.1"  762 "-" "privacyIDEA-Keycloak"

Te following test is running with success:
https: //mfa. domain. tld/validate/check?user=username&pass=otp

One strange thing I recognized:
Even if I enter a not existing URL in the privacyIDEA configuration in Keycloak (like xxx.foo.bar) I get the log entry with http : //mfa. domain.tld

My question is.
Why is a serial or a user missing?

Hello gnot,
welcome to the community.

Which version of keycloak are you running?

…and which version of the keycloak plugin?

Hi cornelinux,

keycloak is from here
https://github.com/keycloak/keycloak/releases/download/13.0.1/keycloak-13.0.1.zip

the plugin is from
https://github.com/privacyidea/keycloak-provider/releases/download/v0.6.1/PrivacyIDEA-Provider.jar

After restarting all servers it’s working.
Sorry for the noise

1 Like