This repository has been archived by the owner on Apr 22, 2024. It is now read-only.

Can't connect using Keycloak OIDC #681

Open
ozSoleil opened this issue Jun 23, 2022 · 2 comments


ozSoleil commented Jun 23, 2022

Issue Name

Can't connect using Keycloak OIDC

Summary

Hi everyone, @nitrosx
I am trying to set up SciCat for use at Soleil with Keycloak OIDC login enabled, but I get an error after the authentication part.

Steps to Reproduce

Current Behaviour

I don't get correctly redirected and instead get a 500 error message in the browser.
When I look into my backend container I get this error:
[image]

Expected Behaviour

Authentication succeeded and redirected to user page

Extra Details

Providers.json:

    "keycloak": {
        "provider": "oidc",
        "authScheme": "openid connect",
        "module": "/usr/src/app/server/boot/oidcCompatibleStrategy",
        "authPath": "/auth/keycloak",
        "successRedirect": "https://catanie-test.synchrotron-soleil.fr/user",
        "failureRedirect": "https://catanie-test.synchrotron-soleil.fr/login",
        "failureFlash": true,
        "session": false,
        "issuer": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat",
        "authorizationURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/auth",
        "tokenURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/token",
        "userInfoURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/userinfo",
        "clientID": "xxxxxxxxxxxxxx",
        "clientSecret": "xxxxxxxxxxxxxx",
        "callbackURL": "https://catamel-test.synchrotron-soleil.fr/auth/keycloak/callback",
        "proxy": "http://195.221.0.34:8080",
        "scope": ["email", "profile", "openid"]
    }

I think it's linked to the configuration linked to the Keycloak realm that I'm using.


dylanmcreynolds commented Jun 23, 2022

I don't know much about KeyCloak. In your providers.json, it looks like you're writing your own strategy ("module": "/usr/src/app/server/boot/oidcCompatibleStrategy"), but I don't see evidence of that in the stack trace, so maybe it's not getting invoked?

Edit, I see that this module is there because of #614 now.

The error message makes me think that passport code is looking for an access_token in the URL that it gets in a redirect from KeyCloak and it's not there. Your image shows part of the URL, but not the full URL.

Looking at scicat/backend/node_modules/passport-openidconnect/lib/strategy.js, I think this is the case.
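
Added example (not part of the original thread, nor SciCat or passport code): a small Node.js helper for inspecting the full callback URL discussed in the comment above. It reports which OIDC response parameters arrived in the query string or the fragment, and redacts their values so the URL can be pasted into an issue. The function name `inspectCallback` and the sample parameter values are constructed for illustration.

```javascript
// Added example: classify an OIDC redirect (callback) URL and redact secrets
// before it is shared in a bug report. inspectCallback is a hypothetical helper.
const SENSITIVE = new Set(["code", "state", "session_state",
  "access_token", "id_token", "refresh_token"]);

function inspectCallback(rawUrl) {
  const url = new URL(rawUrl);
  const query = url.searchParams;
  // Implicit/hybrid responses carry parameters in the fragment, which the
  // browser never sends to the backend.
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));

  let kind;
  if (query.has("error")) {
    kind = "error-response";          // RFC 6749 section 4.1.2.1
  } else if (query.has("code")) {
    kind = "authorization-code";      // backend must still call the token endpoint
  } else if (fragment.has("access_token") || fragment.has("id_token")) {
    kind = "token-in-fragment";       // not visible server-side
  } else if (query.has("access_token") || query.has("id_token")) {
    kind = "token-in-query";
  } else {
    kind = "no-oidc-parameters";
  }

  // Replace the value of every sensitive parameter, keep the rest readable.
  const redact = (params) => {
    const out = new URLSearchParams();
    for (const [k, v] of params) out.append(k, SENSITIVE.has(k) ? "REDACTED" : v);
    return out.toString();
  };
  const q = redact(query);
  const f = redact(fragment);
  return {
    kind,
    queryParams: [...query.keys()],
    fragmentParams: [...fragment.keys()],
    error: query.get("error"),
    errorDescription: query.get("error_description"),
    redacted: url.origin + url.pathname + (q ? "?" + q : "") + (f ? "#" + f : ""),
  };
}

// Constructed sample: a code-flow response on the callbackURL from the issue.
const sample = "https://catamel-test.synchrotron-soleil.fr/auth/keycloak/callback" +
  "?state=abc123&session_state=0000-1111&code=constructed-code-value";
console.log(inspectCallback(sample));
```
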


belfhi commented Aug 17, 2022

@ozSoleil it seems like you're using an older version of the Backend if everything is mounted in /usr/src/app instead of /home/node/app. I'm trying to get Keycloak Auth working, too, and I get a little further. For me it seems like the authentication succeeded and all the information is populated in the user, but then I still get an Authorization Required Error.
