Yashpal Yadav

Unable to log in via Keycloak into Salesforce.

I configured the Salesforce auth provider with the steps mentioned below:

1. Provider Type = Open ID Connect
2. Name = Keycloak
3. Authorize Endpoint URL = https://myhost.com/auth/realms/MyRealm/protocol/openid-connect/auth
4. Token Endpoint URL = https://myhost.com/auth/realms/MyRealm//protocol/openid-connect/token
5. User Info Endpoint URL = https://myhost.com/auth/realms/MyRealm//protocol/openid-connect/userinfo
6. Registration Handler = AutocreatedRegHandler1593587038560 (Auto Generated)
7. Execute Registration As = Yashpal Yadav (Manager user)

8. Click the Save button to create the auth provider.

9. After saving, I got 5 URLs. I added the "Callback URL" into Keycloak as the "Redirect URL".
10. I called the "Test-Only Initialization URL"; it works fine.
11. When I called the "Single Sign-On Initialization URL", I got the "NO_ACCESS: Unable to find a user." error.

I don't know what I am missing. Please help me resolve the above error.

Abhishek (Salesforce Developers)
Hi Yashpal,

"NO_ACCESS: Unable to find a user. For more information, contact your Salesforce administrator." This usually happens when the impacted user's profile does not have the "Manage Billing" permission. To resolve the error, grant "Manage Billing" to the user through their Profile or an assigned Permission Set.

You can check the article below too:

https://help.salesforce.com/articleView?id=000239671

For your reference, follow the steps mentioned in the blog below:

https://trailblazers.salesforce.com/answers?id=9063A000000pZpqQAE

https://blog.bessereau.eu/assets/pdfs/salesforce_single_sign_on.pdf

I hope you find the above information helpful. If you do, please mark it as Best Answer to help others too.

Thanks.

Abhishek (Salesforce Developers)
And try this too,

I believe your issue is relevant to what is described in this post (https://salesforce.stackexchange.com/questions/33527/salesforce-auth-provider-with-facebook-sso)

The Auth Provider URL you're using is set up, by default, to target the internal org. So, when you use the SSO URL on that page, it is trying to log in to the Org, but since your Reg Handler creates a portal-style user, they are blocked from logging in.
You can, of course, configure your Community to accept the Auth Provider. This is a simple checkbox on the login configuration for the community, and it will automatically put a button on your Community login page, handle StartUrls, etc.
If you need to build the Auth Provider URL yourself to test manually, it's pretty easy...you just need a special param. Here's an example:
https://login.salesforce.com/services/auth/sso/00D30000000000FOO/Facebook?community=http%3A%2F%2Fcustomerdemo.force.com&startURL=
You just need to add that community param with your URL, plus an optional start url. This will target the authentication to your community, instead of your org.

If it doesn't work, I recommend using the 'Existing User Linking URL' (Existing User Linking URL—Use this URL to link existing Salesforce users to a third-party account. The user opens this URL in a browser, signs in to the third party, signs in to Salesforce, and approves the link) as described here.

Let me know if this helps
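The second answer pins the failure on the registration handler returning a portal-style user when the login targets the internal org. To show what the handler half of this setup looks like when it is written to link a Keycloak identity to an existing internal user instead, here is an added Apex example. It is not the auto-generated handler from the question and not Salesforce's or Keycloak's own sample code. It assumes that an administrator has copied each person's Keycloak `sub` claim into that user's Federation ID field, and that `Auth.UserData.identifier` carries the `sub` claim for an OpenID Connect provider; both are assumptions for this example, not facts stated in the thread. The class name `KeycloakRegHandler` and the exception name are likewise hypothetical.

```apex
// Added example, not the thread's auto-generated handler. Assumes each internal
// user's Federation ID holds the Keycloak 'sub' claim for that person.
global class KeycloakRegHandler implements Auth.RegistrationHandler {

    // Hypothetical exception type; the message is what the login page shows.
    public class RegHandlerException extends Exception {}

    // Never provision users from an IdP assertion in this example: fail closed and
    // require an admin to create and federate the account first.
    global Boolean canCreateUser(Auth.UserData data) {
        return false;
    }

    // Runs on the first SSO login for a given Keycloak identity, i.e. when no
    // third-party account link exists yet. Returns the already-existing internal
    // user rather than creating a portal-style one.
    global User createUser(Id portalId, Auth.UserData data) {
        if (portalId != null) {
            // A non-null portalId means the login targeted a community/site,
            // which this handler is deliberately not serving.
            throw new RegHandlerException('Community logins are not enabled for this provider.');
        }
        User existing = findInternalUser(data);
        if (existing == null) {
            throw new RegHandlerException('No active internal user is federated to subject ' + data.identifier);
        }
        return existing;
    }

    // Runs on later logins once the link exists. Re-check the mapping so a
    // deactivated or re-federated account is rejected rather than silently reused.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        User existing = findInternalUser(data);
        if (existing == null || existing.Id != userId) {
            throw new RegHandlerException('Linked user no longer matches subject ' + data.identifier);
        }
    }

    // Match only on the stable, admin-provisioned identifier. Matching on the
    // email claim instead would let anyone who can set an email address in the
    // IdP log in as the internal user who owns that address.
    private static User findInternalUser(Auth.UserData data) {
        // Assumption: data.identifier carries the OIDC 'sub' claim from Keycloak.
        String subjectId = data.identifier;
        if (String.isBlank(subjectId)) {
            return null;
        }
        List<User> matches = [
            SELECT Id, Username, FederationIdentifier
            FROM User
            WHERE FederationIdentifier = :subjectId
              AND IsActive = true
              AND UserType = 'Standard'
            LIMIT 2
        ];
        // LIMIT 2 lets us detect duplicates; refuse an ambiguous match instead of
        // picking the first row.
        return matches.size() == 1 ? matches[0] : null;
    }
}
```

To use a handler like this, select it as the Registration Handler on the auth provider and make sure the "Execute Registration As" user can read the User object. The "Test-Only Initialization URL" from step 10 of the question is the place to inspect the `Auth.UserData` Keycloak actually returns (in particular which field holds `sub`) before switching to the Single Sign-On Initialization URL, so that the Federation ID values are provisioned against the right claim.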