JHipster Login Redirection Throws 401 Unauthorized - keycloak

OIDC Keycloak gives error in K8S
{"type":"https://www.jhipster.tech/problem/problem-with-message","title":"Unauthorized","status":401,"detail":"Not Authenticated","path":"/login","message":"error.http.401"}
Login should redirect properly

Related

Keycloak SAML : Origin header set as null after successful login redirect

I am using SAML federation in Keycloak. After a successful login from the Keycloak page, it is redirected to a URL with Header as null. Due to this, it returns a CORS error.
Is there an option to set this Origin header in Keycloak configuration for SAML client?
Thanks!

How to debug problem with identity provider in Keycloak?

I'm trying to set up Keycloak to use CAS as an OIDC identity provider. I've had this working in the past but can't get it to work now. Keycloak is configured using the "/cas/oidc/.well-known/openid-configuration" endpoint and set the client ID and secret.
All standard stuff.
Keycloak redirects to CAS as expected, the user authenticates successfully against CAS and then is redirected back to Keycloak, but Keycloak then throws this error in the logs:
2020-12-07T14:34:03.706265042Z 14:34:03,616 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-1) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
2020-12-07T14:34:03.706301844Z at org.keycloak.keycloak-services#10.0.2//org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:499)
2020-12-07T14:34:03.706308262Z at org.keycloak.keycloak-services#10.0.2//org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:360)
2020-12-07T14:34:03.706313243Z at org.keycloak.keycloak-services#10.0.2//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:472)
This is with logging at DEBUG level. Not clear what is really wrong.
The logs on the CAS side look OK.
Any ideas what might be wrong here and how to debug this?
This is with Keycloak 10.0.2

Keycloak OpenID Connect - GitHub

I want to connect Keycloak to the identity provider of my organization but it is failing.
To test the connection between Keycloak and other identity providers I have used GitHub and connected it with Keycloak using the default template of Keycloak for GitHub and it worked.
Now I am trying to connect GitHub with Keycloak using the generic "OpenID Connect v1.0" configuration to check if it can help me somehow, but I didn't succeed. I was redirected to the GitHub login page, logged in but then, when redirected back to Keycloak, Keycloak is sending the error "Unexpected error when authenticating with identity provider".
Has anyone managed to connect GitHub to Keycloak using the generic "OpenID Connect v1.0" configuration?
In Keycloak I have used this configuration:
Authorization URL:
https://github.com/login/oauth/authorize
Token URL:
https://github.com/login/oauth/access_token
In GitHub I have configured the application with:
Homepage URL:
https://MY_IP/auth/realms/REALM_NAME/broker/githubcustom/endpoint
Authorization callback URL:
https://MY_IP/auth/realms/REALM_NAME/broker/githubcustom/endpoint
GitHub supports OAuth and not OpenID Connect v1.0. So I wouldn't expect that it will be working. I would use Social->GitHub provider type.

Vaadin Flow and Keycloak Server: connection lost, trying to reconnect

We have implemented a Vaadin application using the latest 14 LTS version of Vaadin and integrated it with Keycloak 8. The configuration works, and when we first start the application the user is forwarded to the Keycloak login page and then redirected to the Vaadin app.
When the Keycloak token expires, the application doesn't redirect to Keycloak, as it runs a heartbeat AJAX request in the background and tries to redirect to the Keycloak login page. We first get a CORS error from Keycloak, which can somehow be resolved from Keycloak I assume, but even if this works, the redirect doesn't redirect us to the Keycloak login, as it is an AJAX request.
When we inspect the page we have this flow:
Heartbeat URL
URL: http://localhost:8090/?v-r=uidl&v-uiId=3
Application Login Page
URL: http://localhost:8090/sso/login
Keycloak Login URL
URL: https://keycloak_url/auth/realms/htp/protocol/openid-connect/auth?response_type=code&client_id=web&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fsso%2Flogin&state=6ed652f2-dd7e-4398-bc60-798f6d055f69&login=true&scope=openid due to access
and the result is a non-JSON response in a window in the application, showing the Keycloak login form instead of redirecting.
Any idea how to solve this issue?

How to connect zuul and keycloak for single signon

I need to connect Zuul and Keycloak. But my issue is that I am not getting any idea or code. I need to call Keycloak from the API gateway and get the access token, and from the API gateway again validate the access token and call the request API.