ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-1) Failed to make identity provider oauth callback: java.net.SocketTimeoutException: Read timed out #43586

SahanSudarakaWije · 2025-10-17T17:23:26Z

SahanSudarakaWije
Oct 17, 2025

Story

We have a sandbox application that uses Keycloak SSO. Recently, we integrated a new application (an asset) that also uses Keycloak-based SSO.

To enable SSO between the two applications, we followed the IDP-SP (Identity Provider - Service Provider) model, with the sandbox acting as the IDP and the new application as the SP.

Integration Steps Followed

Created an OpenID Connect client in the sandbox Keycloak.
Created a Keycloak Identity Provider configuration in the new application’s Keycloak, pointing to the sandbox Keycloak as the IDP.
Mapped user attributes and synchronized roles as required.
Configured valid redirect URIs, client secrets, and protocol mappers.

Infra Details

The sandbox and new applications are hosted on two different EKS clusters.
Both clusters reside in the same AWS account.
CloudFront is used to protect external access.

Issue

When attempting to login to the new application via the configured Keycloak OpenID IDP (sandbox Keycloak), we sporadically receive a socket timeout error.

This causes intermittent failures in the login flow.

Resolution Steps Attempted (but did not work)

Increased timeout and connection settings in the new application’s Keycloak pod:

env:
  - name: KC_SPI_BROKER_HTTP_CLIENT_CONNECTION_TIMEOUT
    value: "15000"
  - name: KC_SPI_BROKER_HTTP_CLIENT_SOCKET_TIMEOUT
    value: "60000"
  - name: KC_SPI_BROKER_HTTP_CLIENT_MAX_POOL_SIZE
    value: "20"

Increased “Allowed clock skew” in the IDP configuration in Keycloak — no impact observed.

Logs

ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] Failed to make identity provider oauth callback: java.net.SocketTimeoutException: Read timed out
...
at org.keycloak.broker.provider.util.SimpleHttp.asResponse(SimpleHttp.java:256)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:545)
...
WARN  [org.keycloak.events] type="IDENTITY_PROVIDER_LOGIN_ERROR", realmId="app-realm-realm", realmName="app-realm", clientId="app-frontend", userId="null", ipAddress="xx.xx.xx.xx", error="identity_provider_login_failure"

Keycloak Versions

Sandbox Keycloak: 26.2.0
New Application Keycloak: 26.2.0

ldeluigi · 2026-03-09T14:06:36Z

ldeluigi
Mar 9, 2026

Same

0 replies

bennyz327 · 2026-04-18T05:43:26Z

bennyz327
Apr 18, 2026

Same

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-1) Failed to make identity provider oauth callback: java.net.SocketTimeoutException: Read timed out #43586

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-1) Failed to make identity provider oauth callback: java.net.SocketTimeoutException: Read timed out #43586

Uh oh!

SahanSudarakaWije Oct 17, 2025

Replies: 2 comments

Uh oh!

ldeluigi Mar 9, 2026

Uh oh!

bennyz327 Apr 18, 2026

SahanSudarakaWije
Oct 17, 2025

ldeluigi
Mar 9, 2026

bennyz327
Apr 18, 2026