Forum Discussion
Error logging in to Windows (Federated 'web' sign-in) with Keycloak through Intune.
See source of the new function Microsoft added: https://learn.microsoft.com/en-us/education/windows/federated-sign-in?tabs=intune
Hi all,
I'm trying to set up federated single sign-on (SSO) for my organization's Office 365 accounts using Keycloak and Intune. I've followed the steps outlined in the documentation, and I'm able to successfully log in to Office.com with my Keycloak credentials when I access it through a browser.
However, when I try to log in on my Windows machine, I get an error message saying "Something went wrong. Please wait a bit, then try again."
I've confirmed that my Windows device is enrolled in Intune and that the necessary policies for SSO are set up correctly.
Configured policies:
| Name | OMA-URI | Data type | Value |
| --- | --- | --- | --- |
| EnableWebSignInForPrimaryUser | ./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser | Integer | 1 |
| ConfigureWebSignInAllowedUrls | ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls | String | sso.example.com |
| IsEducationEnvironment | ./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment | Integer | 1 |
| ConfigureWebCamAccessDomainNames | ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames | String | sso.example.com |
The event viewer recorded an error message with the code "0xC000000D" at the same time I experienced the login error. The error message indicates that there was an issue with the "AAD Cloud AP plugin call GenericCallPkg".
I am running this on a VM installed with Windows 11 Education version 22H2 with KB5022913 as stated in the documentation.
Can anyone offer any insight into what might be causing this error and how I can resolve it?
Thanks in advance for your help!
Stan
Some screenshots of the flow: