OpenID Keycloak

Hello,

To use OpenID properly with Keycloak, I have the following environment variables:

APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__ENABLED=true
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__REGISTRATION_ENABLED=false
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__REGISTRATION_CALLBACK_URL=
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__PROVIDER_URL=https://example.com/auth/realms//protocol/openid-connect/auth
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__CLIENT_ID=chirpstack
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__CLIENT_SECRET=1cb84339-16f0-486c-98ff-940c8d73303b
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__LOGOUT_URL=https://chirpstack.ei.thm.de
APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__LOGIN_LABEL=Login with Keycloak

I am getting the following error when I click on “sign in with Keycloak”:
get authenticator error

Also, it’s not redirected to Keycloak. It’s redirected to https://example.com/auth/oidc/login

Any help from your side?
If you have already tested it with Auth0, I would appreciate an example, and I will try to see how it could work with Keycloak.

I was able to solve the problem. The following will work for sure with Keycloak:

     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__ENABLED=true"
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__REGISTRATION_ENABLED=true"
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__REGISTRATION_CALLBACK_URL="
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__PROVIDER_URL=https://keycloak.example.com/auth/realms/<Your Realm Name>"
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__CLIENT_ID=<the OpenId Client id you created in keycloak>"
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__CLIENT_SECRET=<Get the secret from the OpenId client you create in Keycloak>"
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__REDIRECT_URL=https://chirpstack.ei.thm.de/auth/oidc/callback"
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__LOGOUT_URL="
     - "APPLICATION_SERVER__USER_AUTHENTICATION__OPENID_CONNECT__LOGIN_LABEL=Login with Keycloak"

You can also have those in the config file. I preferred to use env variables…

Chirpstack will get all the required OpenId configurations from the URL:

https://keycloak.example.com/auth/realms/<Your Realm Name> 
+
/.well-known/openid-configuration

https://keycloak.example.com/auth/realms/<Your Realm Name>/.well-known/openid-configuration

Make sure this concatenated URL is accessible by ChirpStack. The provider_url should not end with a forward slash, as you see above.
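
A pre-flight check for the provider URL rule described in the post above, as an added example that is not part of the original thread and not ChirpStack's own code. The realm name `demo`, the function names and the embedded discovery document are constructed for illustration; the issuer comparison follows the OpenID Connect Discovery 1.0 rule that the published `issuer` must equal the URL the document was fetched under.

```python
import json
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(provider_url):
    """Build the discovery URL by plain concatenation, as the post describes."""
    return provider_url + DISCOVERY_SUFFIX


def check_provider_url(provider_url, discovery_doc=None):
    """Return a list of problems; an empty list means the value looks usable."""
    problems = []
    parts = urlsplit(provider_url)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("provider_url must be an absolute https URL")
    if provider_url.endswith("/"):
        problems.append("trailing slash: discovery URL would contain '//'")
    if "/protocol/openid-connect" in parts.path:
        problems.append("points at an endpoint, not at the realm (issuer) URL")
    if parts.query or parts.fragment:
        problems.append("must not carry a query string or fragment")
    if discovery_doc is not None:
        for key in REQUIRED_KEYS:
            if key not in discovery_doc:
                problems.append("discovery document lacks '%s'" % key)
        # Discovery 1.0: issuer must equal the URL used to build the discovery URL.
        issuer = discovery_doc.get("issuer")
        if issuer is not None and issuer != provider_url:
            problems.append("issuer %r does not match provider_url" % issuer)
    return problems


# Constructed sample: what a Keycloak realm named "demo" would publish.
REALM = "https://keycloak.example.com/auth/realms/demo"
SAMPLE_DOC = json.loads("""{
  "issuer": "https://keycloak.example.com/auth/realms/demo",
  "authorization_endpoint": "https://keycloak.example.com/auth/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "https://keycloak.example.com/auth/realms/demo/protocol/openid-connect/token",
  "jwks_uri": "https://keycloak.example.com/auth/realms/demo/protocol/openid-connect/certs"
}""")

if __name__ == "__main__":
    for url in (REALM, REALM + "/", REALM + "/protocol/openid-connect/auth"):
        print(discovery_url(url), check_provider_url(url, SAMPLE_DOC) or "ok")
```

To check a live realm, fetch `discovery_url(...)` from the host that runs ChirpStack and pass the parsed JSON as `discovery_doc`.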

Hi, thanks for the detailed explanation of configuring Keycloak as an OIDC endpoint. What do you think about this #11424?