Unable to integrate Keycloak SSO in cortex #464

Open
yogeshgurjar127 opened this issue Mar 1, 2024 · 6 comments

yogeshgurjar127 commented Mar 1, 2024

Hello Team,

When trying to use single sign-on for Cortex this error message appears in the logs:

image

Below is my configuration file.

oauth {
name: oauth2
clientId: "cortex"
clientSecret: "Secret"
redirectUri: "http://localhost:9001/api/ssoLogin"
responseType: "code"
grantType: "authorization_code"
authorizationUrl: "http://X.X.X.X:8080/realms/openid/protocol/openid-connect/auth"
authorizationHeader: "Bearer"
tokenUrl: "http://X.X.X.X::8080/realms/openid/protocol/openid-connect/token"
userUrl: "http://X.X.X.X::8080/realms/openid/protocol/openid-connect/userinfo"
#scope: ["openid", "email"]
scope: "read:user"
userIdField: "email"
}

# Single-Sign On
sso {
    # Autocreate user in database?
    autocreate = true

    # Autoupdate its profile and roles?
    #autoupdate = false

    # Autologin user using SSO?
    autologin = true
    #defaultRoles = []

    # Name of mapping class from user resource to backend user ('simple' or 'group')
    mapper = group
    attributes {
      login = "[email protected]"
      name = "admin"
      groups = "groups"
      organization = "test"
    }
    defaultRoles = ["read"]
    auth.sso.defaultOrganization = "test"
    auth.sso.attributes.organization= "test"
    groups {
      mappings {
        admin-profile-name = ["admin"]
        editor-profile-name = ["write"]
        reader-profile-name = ["read"]
      }
    }

    mapper = testing
    attributes {
      login = "user"
      name = "name"
      roles = "read,analyze,orgadmin"
      organization = "test"
    }
    defaultRoles = ["read"]
    auth.sso.defaultOrganization = "test"
    auth.sso.attributes.organization= "test"
}

}

Could you please point me in the right direction for configuration guidance?

Thanks in advance!

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | 22 |
| Cortex version / git hash | 3.1.8-1 |
| Package Type | From source |
| Browser type & version | Chrome |

@To-om Can you please help me with this?

Contributor

To-om commented Mar 6, 2024

In the OAuth2 configuration the scope must be an array:

-scope: "read:user"
+scope: ["read:user"]
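
Review bot: the `+` line fixes the type but keeps `read:user`, which is a GitHub OAuth scope name, while the `userUrl` in the posted configuration is an OpenID Connect userinfo endpoint. Suggest the array form of the commented-out line from that configuration instead, `scope: ["openid", "email"]`, so the request carries the `openid` scope that endpoint expects.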

Author

yogeshgurjar127 commented Mar 11, 2024

Hello @To-om

I adjusted the scope in the configuration file, however now I am getting the below error. For your convenience, the error message is provided below.

{"type":"AuthenticationError","message":"Authentication failure"}

image

Can you please help me with this?

Contributor

To-om commented Mar 11, 2024

The scope seems to be incorrect. Check the documentation of your IdP and set the expected value. Have you tried the default value: scope: ["openid", "email"] ?

Author

yogeshgurjar127 commented Mar 11, 2024

@To-om Yes, I already tried the default value of scope but I am still getting the same error.

Please find below conf details.

oauth2 {
clientId: "cortex"
clientSecret: "NnLadsgsgvssttlUzJKX4TnJS"
redirectUri: "http://localhost:9001/api/ssoLogin"
responseType: "code"
grantType: "authorization_code"
authorizationUrl: "http://X.X.X.X:8080/auth/realms/openid/protocol/openid-connect/auth"
authorizationHeader: "Bearer"
tokenUrl: "http://X.X.X.X:8080/auth/realms/openid/protocol/openid-connect/token"
userUrl: "http://X.X.X.X:8080/auth/realms/openid/protocol/openid-connect/userinfo"
#scope: ["read:user"]
scope: ["openid", "email"]
userIdField: "email"
}
}

@yogeshgurjar127
Author

@To-om Could you please assist me with this?

@yogeshgurjar127
Author

Hello @To-om

Could you please provide an update on this issue?
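
Added example, not part of the thread and not Cortex code: a small Python lint for the flat keys of an `oauth2` block, run on keys copied from the first configuration posted above (constructed sample). The function names, the list of checks and the rule that a userinfo `userUrl` needs the `openid` scope are assumptions of this example; it reads simple `key: value` lines and is not a HOCON parser.

```python
import re
from urllib.parse import urlsplit
# Constructed sample: oauth keys as posted in the first configuration of this thread.
SAMPLE = """
redirectUri: "http://localhost:9001/api/ssoLogin"
authorizationUrl: "http://X.X.X.X:8080/realms/openid/protocol/openid-connect/auth"
tokenUrl: "http://X.X.X.X::8080/realms/openid/protocol/openid-connect/token"
userUrl: "http://X.X.X.X::8080/realms/openid/protocol/openid-connect/userinfo"
#scope: ["openid", "email"]
scope: "read:user"
"""
URL_KEYS = ("redirectUri", "authorizationUrl", "tokenUrl", "userUrl")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_flat(text):
    """Read `key: value` / `key = value` lines; commented-out lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*[:=]\s*(.+?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def lint_oauth2(text):
    """Return (key, problem) findings; assumes a userinfo userUrl needs the openid scope."""
    cfg, findings = parse_flat(text), []
    scope = cfg.get("scope", "")
    if not (scope.startswith("[") and scope.endswith("]")):
        findings.append(("scope", "must be an array of strings"))
    elif "userinfo" in cfg.get("userUrl", "") and '"openid"' not in scope:
        findings.append(("scope", "userinfo endpoint configured but openid not requested"))
    for key in URL_KEYS:
        url = cfg.get(key, "").strip('"')
        if not url:
            findings.append((key, "missing"))
            continue
        try:
            parts = urlsplit(url)
            parts.port  # raises ValueError when the port is not a number
        except ValueError:
            findings.append((key, "malformed host:port"))
            continue
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            findings.append((key, "plain http to a non-loopback host"))
    return findings

if __name__ == "__main__":
    for key, problem in lint_oauth2(SAMPLE):
        print(f"{key}: {problem}")
```

On the sample it reports the string-valued `scope`, the `::8080` in `tokenUrl` and `userUrl`, and the plain-http `authorizationUrl`; a clean result does not mean the IdP client itself is configured correctly.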
