You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey once again!
As my issue was closed i did comment on that but i belive it has not been "seen"...?
So if not to much trouble i will open another issue to follow up the #1402 and basicly copy what i comented there last time:
Hey again, so after viewing the thread and following (copying almost) the config i came across some challenges...
So here is the current config:
{
"domain": "sso.the.provider",
"clientId": "alfio",
"clientSecret": "secrethere",
"callbackURI": "the.alfio.domain/openid/callback",
"authenticationUrl": "/realms/therealm/protocol/openid-connect/auth",
"tokenEndpoint": "/realms/therealm/protocol/openid-connect/token",
"rolesParameter": "roles",
"alfioGroupsParameter": "org-roles",
"logoutUrl": "/realms/therealm/protocol/openid-connect/logout",
"logoutRedirectUrl": "https://the.alfio.domain/admin"
}
You might see that in the callbackURI i dont have the protocol on it, as if i put it down (https://the.alfio.domain/openid/callback) the result is an Incorrect redirectURI from keycloak. And after analysing the logs this is what i found: Sep 11 16:05:09 keycloak kc.sh[148]: 2024-09-11 16:05:09,820 WARN [org.keycloak.events] (executor-thread-112) type="LOGIN_ERROR", realmId="xxxx", realmName="therealm", clientId="alfio", userId="null", ipAddress="chillbro", error="invalid_redirect_uri", redirect_uri="https:/ticketlane.herokuapp.com/openid/callback"
So as you see in the redicrect_uri it is missing an slash and because of it the keycloak dosent accept it...
If i remove the protocol on both alfio and keycloak client config i can sucessfully login. However probably because of the incorrect redirecturi after the login it goes to an 404 page with the following url: https://the.alfio.domain/the.alfio.domain/openid/callback?state=moreids&session_state=moreofthat&iss=https%3A%2F%2Fsso.the.provider%2Frealms%2Frealm&code=token.
If i manually remove the 2nd part of the.alfio.domain that is on duplicate it sucessfully logs in and runs "almost" smooth.
The 2nd issue is when trying to logout that it shows this error: Invalid parameter: redirect_uri with the following url: https://sso.the.provider/realms/therealm/protocol/openid-connect/logout?redirect_uri=https://the.alfio.instance/admin
On the logs that shows as Sep 11 21:12:56 keycloak kc.sh[148]: 2024-09-11 21:12:56,123 WARN [org.keycloak.protocol.oidc.endpoints.LogoutEndpoint] (executor-thread-176) Parameter 'redirect_uri' no longer supported. Please use 'post_logout_redirect_uri' with 'id_token_hint' for this endpoint. Alternatively you can enable backwards compatibility option 'legacy-logout-redirect-uri' of oidc login protocol in the server configuration.
If i remove the "redirect_uri=https://the.alfio.instance/admin" i can sucessfully logout but without the redirect (ofc). As far as i moved this is what i got...
The text was updated successfully, but these errors were encountered:
Hey once again!
As my issue was closed i did comment on that but i belive it has not been "seen"...?
So if not to much trouble i will open another issue to follow up the #1402 and basicly copy what i comented there last time:
Hey again, so after viewing the thread and following (copying almost) the config i came across some challenges...
So here is the current config:
{
"domain": "sso.the.provider",
"clientId": "alfio",
"clientSecret": "secrethere",
"callbackURI": "the.alfio.domain/openid/callback",
"authenticationUrl": "/realms/therealm/protocol/openid-connect/auth",
"tokenEndpoint": "/realms/therealm/protocol/openid-connect/token",
"rolesParameter": "roles",
"alfioGroupsParameter": "org-roles",
"logoutUrl": "/realms/therealm/protocol/openid-connect/logout",
"logoutRedirectUrl": "https://the.alfio.domain/admin"
}
You might see that in the callbackURI i dont have the protocol on it, as if i put it down (https://the.alfio.domain/openid/callback) the result is an Incorrect redirectURI from keycloak. And after analysing the logs this is what i found: Sep 11 16:05:09 keycloak kc.sh[148]: 2024-09-11 16:05:09,820 WARN [org.keycloak.events] (executor-thread-112) type="LOGIN_ERROR", realmId="xxxx", realmName="therealm", clientId="alfio", userId="null", ipAddress="chillbro", error="invalid_redirect_uri", redirect_uri="https:/ticketlane.herokuapp.com/openid/callback"
So as you see in the redicrect_uri it is missing an slash and because of it the keycloak dosent accept it...
If i remove the protocol on both alfio and keycloak client config i can sucessfully login. However probably because of the incorrect redirecturi after the login it goes to an 404 page with the following url: https://the.alfio.domain/the.alfio.domain/openid/callback?state=moreids&session_state=moreofthat&iss=https%3A%2F%2Fsso.the.provider%2Frealms%2Frealm&code=token.
If i manually remove the 2nd part of the.alfio.domain that is on duplicate it sucessfully logs in and runs "almost" smooth.
The 2nd issue is when trying to logout that it shows this error: Invalid parameter: redirect_uri with the following url: https://sso.the.provider/realms/therealm/protocol/openid-connect/logout?redirect_uri=https://the.alfio.instance/admin
On the logs that shows as Sep 11 21:12:56 keycloak kc.sh[148]: 2024-09-11 21:12:56,123 WARN [org.keycloak.protocol.oidc.endpoints.LogoutEndpoint] (executor-thread-176) Parameter 'redirect_uri' no longer supported. Please use 'post_logout_redirect_uri' with 'id_token_hint' for this endpoint. Alternatively you can enable backwards compatibility option 'legacy-logout-redirect-uri' of oidc login protocol in the server configuration.
If i remove the "redirect_uri=https://the.alfio.instance/admin" i can sucessfully logout but without the redirect (ofc). As far as i moved this is what i got...
The text was updated successfully, but these errors were encountered: