ERR905: You need to specify a serial or a user

I want to integrate privacyIDEA in Keycloak.
Keycloak is installed and I can authenticate from Nextcloud against it.

I installed the privacyIDEA Plugin in Keycloak following this documentation
https : // www .privacyidea .org/versatile-2fa-single-sign-on-with-keycloak-and-privacyidea/

When I now login in Nextcloud I klick on ‘login with keycloak’ and enter username and passwort. Then I get a new Screen to enter the OTP.
After entering the OTP I get ‘Authentication failed.’

In the Keycloak log I see

2021-06-19 14:09:38,522 INFO  [org.privacyidea.authenticator.PrivacyIDEAAuthenticator] (OkHttp http ://mfa .domain .tld/...) /validate/check:
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "error": {
      "code": 905,
      "message": "ERR905: You need to specify a serial or a user."
    "status": false
  "time": 1624111778.4443033,
  "version": "privacyIDEA 3.5.1",
  "signature": "rsa_sha256_pss:9a56b7..."

In the Apache log on the privacyIDEA server I get

400 "GET /validate/check HTTP/1.1"  762 "-" "privacyIDEA-Keycloak"

Te following test is running with success:
https: //mfa. domain. tld/validate/check?user=username&pass=otp

One strange thing I recognized:
Even if I enter a not existing URL in the privacyIDEA configuration in Keycloak (like I get the log entry with http : //mfa. domain.tld

My question is.
Why is a serial or a user missing?

Hello gnot,
welcome to the community.

Which version of keycloak are you running?

…and which version of the keycloak plugin?

Hi cornelinux,

keycloak is from here

the plugin is from

After restarting all servers it’s working.
Sorry for the noise

1 Like