Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keycloak integration with new che helm chart #21541

Closed
rakeshreddyrg09 opened this issue Jul 8, 2022 · 7 comments
Closed

keycloak integration with new che helm chart #21541

rakeshreddyrg09 opened this issue Jul 8, 2022 · 7 comments
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/question Questions that haven't been identified as being feature requests or bugs. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P2 Has a minor but important impact to the usage or development of the system.

Comments

@rakeshreddyrg09
Copy link

Summary

Hello team,

Can anyone share the documentation flow for how to set up eclipse-che oidc is configured with keycloak which is installed in same k8s cluster.

this is how currently passing details through values file.
OIDC-che
client-test-keycloak

also i have tried with different keycloak issuer URLs like below

http://keycloak-discovery/auth/realms/TEST_DEV/.well-known/openid-configuration
http://keycloak-discovery/auth/realms/TEST_DEV/protocol/openid-connect/token/introspect

error in oauth-proxy:

[2022/07/08 13:27:12] [options.go:72] Performing OIDC Discovery...
[2022/07/08 13:27:12] [options.go:80] error: failed to discover OIDC configuration: error performing request: Get "http://keycloak-discovery/auth/realms/TEST_DEV/protocol/openid-connect/auth/.well-known/openid-configuration": dial tcp: lookup keycloak-discovery on 10.43.0.10:53: no such host
[2022/07/08 13:27:12] [main.go:54] Get "http://keycloak-discovery/auth/realms/TEST_DEV/protocol/openid-connect/auth/.well-known/openid-configuration": dial tcp: lookup keycloak-discovery on 10.43.0.10:53: no such host

FOR ALL THE 3 DIFFERENT URLs i am getting the same error. can anyone help me out what i am missing here.

Thank you eclipse-che team.

Relevant information

No response
@rakeshreddyrg09 rakeshreddyrg09 added the kind/question Questions that haven't been identified as being feature requests or bugs. label Jul 8, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jul 8, 2022
@amisevsk
Copy link
Contributor

amisevsk commented Jul 8, 2022

Hi @rakeshreddyrg09, thanks for opening an issue. I'm a little confused by the identityProviderURL here -- does http://keycloak-discovery resolve in your DNS to the keycloak pod in-cluster?

cc: @tolusha you're more familiar with OIDC setup in Che. I'd appreciate your help here if you're available.

@amisevsk amisevsk added severity/P2 Has a minor but important impact to the usage or development of the system. area/install Issues related to installation, including offline/air gap and initial setup and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jul 8, 2022
@rakeshreddyrg09
Copy link
Author

hello @amisevsk thank you for reply,
here is my keycloak ingress, other components in my cluster are able to do the OIDC OAUTH successfully.
image
i have tried with my other host too but same result.
image

@tolusha
Copy link
Contributor

tolusha commented Jul 18, 2022

I think the correct issuer url must be the following:
https://<KEYCLOAK_ADDR>/realms/<REALM_NAME>
for instance https://keycloak.192.168.59.253.nip.io/realms/che

@ibuziuk ibuziuk mentioned this issue Jul 18, 2022
Open
@l0rd l0rd mentioned this issue Jul 19, 2022
Closed
@rakeshreddyrg09
Copy link
Author

Hi @tolusha
I tried the above configuration, but still getting the same error.

@tolusha
Copy link
Contributor

tolusha commented Jul 21, 2022

I've prepared a draft script how to setup keycloak as OIDC provider on minikube and deploy Eclipse Che.
Could you check if it can shed a light on your problem?

[1] https://gist.github.com/tolusha/345c59eb36a136ffdbce61acbee9c50a

@rakeshreddyrg09
Copy link
Author

Hi @tolusha, Thank you for your reply.
Actually I am using a k3d cluster.

@che-bot
Copy link
Contributor

che-bot commented Jan 17, 2023

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 17, 2023
@che-bot che-bot closed this as completed Jan 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/question Questions that haven't been identified as being feature requests or bugs. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P2 Has a minor but important impact to the usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tolusha @amisevsk @che-bot @rakeshreddyrg09