Error logging in to Windows (Federated 'web' sign-in) with Keycloak through Intune.

See the source of the new function Microsoft added: https://learn.microsoft.com/en-us/education/windows/federated-sign-in?tabs=intune

Hi all,

I'm trying to set up federated single sign-on (SSO) for my organization's Office 365 accounts using Keycloak and Intune. I've followed the steps outlined in the documentation, and I'm able to successfully log in to Office.com with my Keycloak credentials when I access it through a browser.

However, when I try to log in on my Windows machine, I get an error message saying "Something went wrong. Please wait a bit, then try again."

I've confirmed that my Windows device is enrolled in Intune and that the necessary policies for SSO are set up correctly.

Configured policies:

| Name                              | OMA-URI                                                                           | Data type | Value           |
|-----------------------------------|-----------------------------------------------------------------------------------|-----------|-----------------|
| EnableWebSignInForPrimaryUser     | ./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser | Integer   | 1               |
| ConfigureWebSignInAllowedUrls     | ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls          | String    | sso.example.com |
| IsEducationEnvironment            | ./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment                      | Integer   | 1               |
| ConfigureWebCamAccessDomainNames  | ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames       | String    | sso.example.com |


The event viewer recorded an error message with the code "0xC000000D" at the same time I experienced the login error. The error message indicates that there was an issue with the "AAD Cloud AP plugin call GenericCallPkg".

I am running this on a VM with Windows 11 Education version 22H2 and KB5022913 installed, as stated in the documentation.

Can anyone offer any insight into what might be causing this error and how I can resolve it?

Thanks in advance for your help!

Stan

Some screenshots of the flow:

[Screenshots: Untitled.png, Untitled2.png, Untitled3.png]
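An added diagnostic script (editor's example, not from the post or Microsoft's documentation) that checks on the enrolled device whether the four policies in the table above actually applied with the expected values, flags any entry in the allowed-URL list other than the IdP host, and pulls the matching CloudAP errors from the AAD operational log. It assumes that Intune-delivered Policy CSP values are written under HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\<Area>\<Policy>, that multiple allowed URLs are separated by semicolons, and that sso.example.com is a placeholder for the real IdP host.

```powershell
# Added example: verify the federated web sign-in policies landed on the device.
# ASSUMPTION: Policy CSP values are stored under PolicyManager\current\device\<Area>.
$ExpectedIdpHost = 'sso.example.com'   # placeholder, replace with the real IdP host
$Base = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

# Expected values mirror the table in the post.
$Expected = @(
    @{ Area = 'FederatedAuthentication'; Name = 'EnableWebSignInForPrimaryUser';    Value = 1 }
    @{ Area = 'Authentication';          Name = 'ConfigureWebSignInAllowedUrls';    Value = $ExpectedIdpHost }
    @{ Area = 'Education';               Name = 'IsEducationEnvironment';           Value = 1 }
    @{ Area = 'Authentication';          Name = 'ConfigureWebCamAccessDomainNames'; Value = $ExpectedIdpHost }
)

foreach ($p in $Expected) {
    $key    = Join-Path $Base $p.Area
    $actual = (Get-ItemProperty -Path $key -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    $state  = if ($null -eq $actual)                   { 'MISSING'  }
              elseif ("$actual" -eq "$($p.Value)")     { 'OK'       }
              else                                     { 'MISMATCH' }
    '{0,-9} {1}/{2} = {3}' -f $state, $p.Area, $p.Name, $actual
}

# The allowed-URL list decides where web sign-in may navigate; any host beyond the
# IdP widens that surface, so report every entry that is not the expected host.
# ASSUMPTION: entries are semicolon-separated.
$allowedKey = Join-Path $Base 'Authentication'
$allowed = (Get-ItemProperty -Path $allowedKey -Name 'ConfigureWebSignInAllowedUrls' `
            -ErrorAction SilentlyContinue).ConfigureWebSignInAllowedUrls
if ($allowed) {
    $allowed -split ';' |
        Where-Object { $_ -and $_.Trim() -ne $ExpectedIdpHost } |
        ForEach-Object { "Unexpected allowed URL entry: $_" }
}

# Surface the CloudAP errors that match the symptom in the post (0xC000000D / GenericCallPkg).
Get-WinEvent -LogName 'Microsoft-Windows-AAD/Operational' -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.LevelDisplayName -eq 'Error' -and $_.Message -match 'GenericCallPkg|0xC000000D' } |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the enrolled device; a MISSING or MISMATCH line points at a policy that Intune has not delivered yet, while the event-log section shows the CloudAP error context that the generic "Something went wrong" dialog hides.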