[BUG] auth doesnt work, especially keycloak

[Ev0genii]

Environment

Self-Hosted (Docker)

System

debian

Version

2.1.1

Describe the problem

Deploy dashy in kubernetes with ingress tried to make auth by dashy documentation, but it didnt work, even basic auth with user hash and title also auth parameters as enableGuestAccess doesnt work i think its something in last update, that interfere auth work last git update was a week ago, maybe u didnt update documentation

Additional info

No response

Please tick the boxes

• [X] You have explained the issue clearly, and included all relevant info
• [X] You are using a supported version of Dashy
• [X] You've checked that this issue hasn't already been raised
• [X] You've checked the docs and troubleshooting guide
• [X] You agree to the code of conduct

[liss-bot]

If you're enjoying Dashy, consider dropping us a ⭐
_{🤖 I'm a bot, and this message was automated}

[juancarlosm]

Same here. Basic auth is not working.

[randyjc]

Was about to give up, because I couldn't find what I was doing wrong. Tried a couple of different options, but below is latest. After applying below to the config, I also get the message that I'm not logged in as admin. When trying to force via URL to login I just get redirected to Dashy homepage.

https://url/login redirects to https://url/

I deleted cache, restarts, incognito, other browsers etc.

appConfig:
  theme: nord-frost
  layout: auto
  iconSize: medium
  language: en
  auth:
    users:
    - user: randyjc
      hash: <REDACTED>
      type: admin
pageInfo:
  title: Dashy
  description: Welcome to your new dashboard!
  navLinks:
    - title: GitHub
      path: https://github.com/Lissy93/dashy
    - title: Documentation
      path: https://dashy.to/docs
sections:
  - name: Getting Started
    icon: fas fa-rocket
    items:
      - title: Dashy Live
        description: Development a project management links for Dashy
        icon: https://i.ibb.co/qWWpD0v/astro-dab-128.png
        url: https://live.dashy.to/
        target: newtab
        id: 0_1481_dashylive
      - title: GitHub
        description: Source Code, Issues and Pull Requests
        url: https://github.com/lissy93/dashy
        icon: favicon
        id: 1_1481_github

V2.1.1 via PikaPods

EDIT: Probably related: https://github.com/Lissy93/dashy/issues/1126

[artemdanielov]

same here, auth (basic) doesnt work =(

[ajbrigg49]

I am new to Dashy (Just set it up about a week ago.) Today I was following the basic auth docs and I am also seeing the same issue. Opening Dashy, I just get to my dashboard. If I go to config, update config, edit config, I see a message across the bottom "You cannot write changes to disk because you are not logged in as an administrator". So it would seem it knows about my new user account that is an admin, however it is not redirecting to login. I've tried multiple browsers (Edge, chromium, Chrome), and multiple PCs, but there is no change. If it matters, I added the auth config by hand from ssh use VI.

Thanks

Andy

[clockwinder]

I seem to be having a similar issue.

[chrgraham]

+1 Basic auth is NOT working, new user running Docker, auth is configured, dashboard is completely exposed and unsecured.

Have attempted these additional configuration options mentioned in other Issues.

    enableGuestAccess: false
    disableConfigurationForNonAdmin: true

Here is my entire appConfig:

appConfig:
  theme: nord-frost
  layout: auto
  iconSize: medium
  language: en
  auth:
    enableGuestAccess: false
    disableConfigurationForNonAdmin: true
    users:
    - user: *****
      hash: *****
      type: admin

Auth tickets should be a priority.

Related to these other Issues that are getting closed from the timeout bot. It does not appear the repo owner @Lissy93 is responding these.

• https://github.com/Lissy93/dashy/issues/1082
• https://github.com/Lissy93/dashy/issues/1063
• https://github.com/Lissy93/dashy/issues/990
• https://github.com/Lissy93/dashy/issues/1019

[Pytonballoon810]

Is this still going on? I think I have the same problem but cant seem to find a fix if there is maybe someone can direct me into the right direction?

[clockwinder]

I've not found a solution yet. So for now I've just disabled Dashy.

[IbaiBuR]

I am experiencing the same issue too... Neither keycloak nor basic auth working...

Lets hope @Lissy93 can fix it soon somehow.

[bloodysneaker]

+1 No login page showing after enabling auth. With the aforementioned work-around of "enableguestaccess" I've the login button but even if I authenticate with an Admin user, I'm no able to make any conf changes.

EDIT: Reverting to 2.1.0 seems to fix the issue

[Maretzky85]

+1 on docker swarm 2.1.0 docker image works fine tho. Keeping previous version until fix is available :)

Btw. Thanks for superb app, and no pressure ;)

[nOw-Ay]

+1, I have exactly the same problem that is described here and in the other issues (logout button without even logging-in and keycloak weird errors). Reverting to 2.1.0

[coderunway]

+1 , This is not working on Dashy 2.1.1 too. Does not work even after adding enableGuestAccess: true and disableConfigurationForNonAdmin: true parameters. I have tried it in the incognito mode browser too, to ensure its not a caching issue. Any advice is appreciated.

appConfig:
    auth:
        enableGuestAccess: true
        users:
          - user: user1
            hash: ############
            type: admin
          - user: user2
            hash: ##############
            type: normal
      disableConfigurationForNonAdmin: true

[jakob1379]

Keycloak works perfectly fine for me.

The needing element is an attribute mapper providing roles and groups to simple attributes "roles" and "groups" in the access token.

Does not work in conjunction with basic auth though

[djessich]

Any progress on this? For me, it also does not work with 2.1.1. With 2.1.0 everything works perfectly though...

[jakob1379]

Any progress on this? For me, it also does not work with 2.1.1. With 2.1.0 everything works perfectly though...

Have you made sure you get the groups with your requests? It works when you add them to the access token

[TheRealGramdalf]

Edit: It looks like the effects of this (and https://github.com/Lissy93/dashy/issues/1051#issue-1525872151) are far-reaching, I believe a lot of the open bug reports right now could be fixed by this. I've linked a few to my explanation, but I have to leave it there for today - I'll pick this back up if mentioned and/or a maintainer responds.

I believe there are several reasons why this could be happening - in my case it was a combination of two issues.

• Problem 1: User Error
  • Contrary to what the documentation says, I decided to bind mount ./config:/app/public. This was a mistake, since /app/public is pre-populated with a sample configuration and some other files - including the website icon etc. Only bind mount individual files into /app/public!!
  • _Note: In the release notes for 2.1.1, there was mention about a configuration overhaul - I would wait on this to be released before making any requests/suggestions.
• Problem 2: First build
  • I haven't had a chance to look fully into this yet, but I believe it's due to how the dashy docker image is built. It runs a node.js server (which is required to support functions like config editing and more), and a "static" site generated from the config. The static site is built at runtime with yarn, and can be manually started with yarn build (or through the UI via Update Configuration > Rebuild Application). The generated site is placed at /app/dist/, which is non-persistent - if you recreate the container (which happens when running docker compose down, or docker compose up -d with an already running container), the contents of /app/dist will be lost. I believe that upon first startup, the site is run directly from source while the first build is created - which leads to inconsistencies in login mentioned in this issue. If (like me) there are issues with auto rebuild, the static site won't be generated automatically - you need to trigger it manually via any of the above methods. Once built, login functions as expected.
  • @Lissy93 do you mind giving this a quick read and response? A yes/no would suffice, I know you are busy with v2.1.2/v3 among other things.

As for solutions to the problem, make sure the static component is built upon container recreation. Since the release notes mentioned a big overhaul, I won't do anything right now, but I have an idea as for how to fix the issue at it's root, should it still exist - make /app/dist persist to an extent (or require yarn build to complete before the container becomes accessible). If a maintainer can give me the go ahead (i.e. this won't be solved by anything that's currently in the works), I'll draft up a PR with the fix (basically add documentation for an additional bind mount, ./cache:/app/dist or the like, and make a few changes to make it work (there's an RM command somewhere that needs a change)).

[TheRealGramdalf]

These mentions are just for letting people involved in the other bugs know, sorry for the spam

[zell-mbc]

Thanks for looking int this @TheRealGramdalf. I tried at my end again, unfortunately I couldn't get things to work.

• Added the Keycloack mapper as per the screenshot of @jakob1379, no change unfortunately
• Ransudo docker exec -it dashboard yarn as per your note above and still won't get a prompt to logon

Back to v2.1.0 and things are working again…

[TheRealGramdalf]

* Ran` sudo docker exec -it dashboard yarn` as per your note above and still won't get a prompt to logon

Did you do sudo docker exec -it dashboard yarn or sudo docker exec -it dashboard yarn build? The latter is what you need for it to build, on my server it takes about ~100s. Make sure to clear all cache (especially if you have the service worker enabled) for it to take effect - there may be residual login cookies etc that mess with things.

[okietech]

I just tried your fix and it worked like a charm. Thanks!

[zell-mbc]

Did you do sudo docker exec -it dashboard yarn or sudo docker exec -it dashboard yarn build?

The first one :-) Just tried again with yarn build…and bingo! Got my logon dialog! I think that's a workable solution for me until this get fixed for good.

Thanks a lot for helping along, really appreciated!

[Unacoli]

Even with version 2.1.0, I don't achieve keycloak auth to work :( It gives a never ending refresh on the dashy loading screen. Did someone have a working configuration with keycloak to provide ?

[DimitrijaGj]

Hello,

I'm encountering a couple of issues with Dashy after deploying it using Docker Compose. Here's a summary of my steps and the problems I'm facing:

Initial Deployment: I deployed Dashy using the command docker compose up -d. After deployment, the login screen did not appear as expected.

Rebuilding Dashy: To troubleshoot, I rebuilt Dashy using two methods:

Through the Dashy UI by selecting "Rebuild Application." Via command line with sudo docker exec -it yarn build. After rebuilding, the login screen became available, resolving the initial issue.

Configuration Update Problem: However, a new problem arose where updates made to the Dashy configuration through the UI are not being saved. Interestingly, the changes appear in the configuration file when viewed with cat or vim, but these updates don't reflect within the application itself when I reload the browser, tried also in incognito mode clear cookis. Specifically, I'm looking for help with the following:

Why are the configuration changes not persisting in the UI, even though they're visible in the configuration file? Is there a step I'm missing or a known issue that prevents configuration updates from being saved properly when using Docker? Any insights, suggestions, or guidance on how to resolve this issue would be greatly appreciated. Thank you!

[TheRealGramdalf]

Configuration changes require a rebuild before they take effect. Just trigger that after making changes to the config and you should be good.

[DimitrijaGj]

Configuration changes require a rebuild before they take effect. Just trigger that after making changes to the config and you should be good.

Thanks for the fast response. However, the problem I face after rebuild is that I can not change the configuration in UI, so to say interactively. I do the changes, like add section, as can be seen on the screenshots. I added the "test section" clicked on save disk, after refreshing the page "test section" is gone, but is, in fact, in the config.yml file. It is very inconvenient to rebuild the app after every change. So long story short, I have only problem that after I run it with docker compose up -d, anyone can see the dashboard after just deleting the /login in the URL IP:Port/login is there a workaround I can do to avoid that?? Seems like enableGuestAccess: false do not take effect until the rebuild.

appConfig:
  disableConfigurationForNonAdmin: true
  enableGuestAccess: false
  auth:
    #enableGuestAccess: false
    users:
      - user: user1 

[TheRealGramdalf]

Essentially the issue is that you must rebuild after making any changes, period. This used to happen automatically, but it was recently broken (as of 2.11 iirc?). I haven't looked into the specifics exactly, but that's the TL;DR

[DimitrijaGj]

Essentially the issue is that you must rebuild after making any changes, period. This used to happen automatically, but it was recently broken (as of 2.11 iirc?). I haven't looked into the specifics exactly, but that's the TL;DR

Thx for the answer. I revert it to 2.1.0 and it is working fine. I will wait till the bug is fix in the next releases.

[jerry-f]

> Even with version 2.1.0, I can't get keycloak authentication to work :( It provides a never-ending refresh on the dash loading screen. Does anyone have a working configuration for keycloak?

I also can't use keycloak for authentication.

[CrazyWolf13]

Hi This problems seems to be related to dashy not automatically rebuilding on changes, see #1479 and https://github.com/Lissy93/dashy/issues/1290#issuecomment-1884249018 A new release has just been published, which should fix this issue, so please upgrade to the latest version. If this is not the case just respond back to this ticket and I'll reopen this issue. Thanks and have a nice day.

[Unacoli]

Hello @CrazyWolf13 !

I am still having issue with dashy blocked in a never ending refresh. I have the page with auth with keycloak, and when I am login in, I have dashy that is stuck refreshing and not working.

I don't know if its still an issue with dashy or if it is a config problem :(

[CrazyWolf13]

@Unacoli Thanks for the feedback, can you confirm you are indeed running the latest version of dashy and can you try to repull and redeploy the container?

Also would you mind sharing your conf.yml ?

[zell-mbc]

I have a sort of working setup in case you want to compare notes. "Sort of" because when I do a docker compose down --rmi all && docker compose up -d I have to do a separate rebuild via docker exec -it dashboard yarn build

Without the later docker command Dashy will work, but not ask for credentials, which is the opposite of fail-safe I guess :-)

[CrazyWolf13]

Thanks for sharing, also is that still happening in 2.1.2 ? Because in the new version dashy should rebuild at start?

[zell-mbc]

Yes, this is what I am running:

dashboard | Using Dashy V-2.1.2. Update Check Complete

[Unacoli]

Yes I am indeed running the latest version.

pageInfo:
  title: Hub
sections:
  - name: Example Section
appConfig:
  theme: callisto
  language: fr
  layout: auto
  iconSize: medium
  startingView: default
  defaultOpeningMethod: newtab
  statusCheck: false
  statusCheckInterval: 0
  faviconApi: allesedv
  routingMode: history
  enableMultiTasking: false
  widgetsAlwaysUseProxy: false
  webSearch:
    disableWebSearch: false
    searchEngine: duckduckgo
    openingMethod: newtab
    searchBangs: {}
  enableFontAwesome: true
  enableMaterialDesignIcons: false
  hideComponents:
    hideHeading: false
    hideNav: false
    hideSearch: false
    hideSettings: false
    hideFooter: false
  auth:
    enableGuestAccess: false
    users: []
    enableKeycloak: true
    keycloak:
      serverUrl: [URL]
      realm: [Realm]
      clientId: [id]
      legacySupport: false
      idpHint: [idp]
  showSplashScreen: false
  preventWriteToDisk: false
  preventLocalSave: false
  disableConfiguration: false
  disableConfigurationForNonAdmin: false
  allowConfigEdit: true
  enableServiceWorker: false
  disableContextMenu: false
  disableUpdateChecks: false
  disableSmartSort: false
  enableErrorReporting: false

[Unacoli]

I have a sort of working setup in case you want to compare notes. "Sort of" because when I do a docker compose down --rmi all && docker compose up -d I have to do a separate rebuild via docker exec -it dashboard yarn build

Without the later docker command Dashy will work, but not ask for credentials, which is the opposite of fail-safe I guess :-)

The command sadly didn't solved the refresh problem :( I really don't understand if the problem come from me or not since its gave me the right connexion prompt, and after login its locked in the refreshing state (i also see my connexion log on dashy on the keycloak log)

[Unacoli]

I've investigated a little more browsing tickets, and I find the answer to my problem !

In Keycloak, in my dashy client, I had to turn off this option :

It works perfectly now, thank you all !

And for note, the command docker exec -it dashboard yarn build provided by @zell-mbc is usefull , the login screen don't show up without it after a docker compose up -d

Edit :

I've added the line entrypoint: ["yarn","build-and-start"] in my docker-compose.yml, it replaces the command docker exec -it dashboard yarn build :)

[e-sacchi]

I also have this problem, normal login works, keycloak not, even with this feature disabled... No login page and config file open to anyone. Any updates on this?

[Kirkland-gh]

Keycloak is working for me now on 3.0.0 when I go to dashy.domain.com/login. Is anyone else able to test?

[kutekroma]

Console output after keycloak authorization:

Error while trying to use the following icon from the Manifest: https://***.domen.com/web-icons/dashy-pwa_144x144.png (Download error or resource isn't a valid image)

Warning : Deprecation warning: The simple-icons entrypoint will be removed in the next major. Please switch to using import * as icons from "simple-icons/icons" if you need an object with all the icons.

[kutekroma]

Keycloak is working for me now on 3.0.0 when I go to dashy.domain.com/login. Is anyone else able to test?

can you show conf.yml and a screenshot of the clients setting in keycloak? Have you set up roles and groups separately in the client?

[Kirkland-gh]

Keycloak is working for me now on 3.0.0 when I go to dashy.domain.com/login. Is anyone else able to test?

can you show conf.yml and a screenshot of the clients setting in keycloak? Have you set up roles and groups separately in the client?

Only one user so no roles or groups.

  auth:
    enableGuestAccess: false
    users: []
    enableKeycloak: true
    keycloak:
      serverUrl: https://keycloak.example.com
      realm: example-realm
      clientId: example-clientid
      legacySupport: false

[Lissy93]

I hadn't realized that the infinite refresh loop was client-side, sorry misunderstood and thought you were talking about a Docker issue.

This should be fixed by db9d7e362dcd5d08688a6eb32521b0499f9ce809 in #1542 and released in 3.0.1

[kutekroma]

Great! It works with version 3.0.1 THANKS!!!!!