RocketChat / Rocket.Chat.Electron

Official OSX, Windows, and Linux Desktop Clients for Rocket.Chat
https://rocket.chat/
MIT License
1.59k stars 698 forks

SSO Keycloak/kerberos doesn't work with Rocketchat client #1374

Closed Alexsme closed 2 years ago

Alexsme commented 4 years ago

My Setup

Description

In our integration environment we are trying to switch authentication from keycloak/ldaps to Keycloak/kerberos (openid).

We can see these logs on Keycloak when it fails:

2019-10-28 17:01:14,368 INFO [stdout] (default task-58) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /etc/keycloak.keytab refreshKrb5Config is false principal is "" tryFirstPass is false useFirstPass is false storePass is false clearPass is false
2019-10-28 17:01:14,368 INFO [stdout] (default task-58) principal is ""
2019-10-28 17:01:14,368 INFO [stdout] (default task-58) Will use keytab
2019-10-28 17:01:14,369 INFO [stdout] (default task-58) Commit Succeeded
2019-10-28 17:01:14,369 INFO [stdout] (default task-58)
2019-10-28 17:01:14,370 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-58) GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration

Did you ever face this problem?

Thanks for your support.

Regards.
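
A triage sketch for the log excerpt in the report above, added here as an example and not part of the original report or of the Rocket.Chat or Keycloak code: it splits the run-together entries and separates the Krb5LoginModule keytab login from the SPNEGOAuthenticator warning. The names `split_entries` and `triage` are hypothetical, and the sample input is constructed from the quoted excerpt.

```python
import re

# Constructed input: the Keycloak log excerpt quoted in the report, run together on one line.
SAMPLE = (
    '2019-10-28 17:01:14,368 INFO [stdout] (default task-58) Debug is true storeKey true '
    'useTicketCache false useKeyTab true doNotPrompt true ticketCache is null '
    'isInitiator false KeyTab is /etc/keycloak.keytab refreshKrb5Config is false '
    'principal is "" tryFirstPass is false useFirstPass is false storePass is false '
    'clearPass is false 2019-10-28 17:01:14,368 INFO [stdout] (default task-58) principal is "" '
    '2019-10-28 17:01:14,368 INFO [stdout] (default task-58) Will use keytab '
    '2019-10-28 17:01:14,369 INFO [stdout] (default task-58) Commit Succeeded '
    '2019-10-28 17:01:14,369 INFO [stdout] (default task-58) '
    '2019-10-28 17:01:14,370 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] '
    '(default task-58) GSS Context accepted, but no context initiator recognized. '
    'Check your kerberos configuration and reverse DNS lookup configuration'
)

# An entry starts at "<date> <time>,<ms> <LEVEL> "; the lookahead splits without consuming it.
ENTRY_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (?:INFO|WARN|ERROR|DEBUG) )")
ENTRY = re.compile(r"(?P<ts>\S+ \S+) (?P<level>\w+)\s+\[(?P<logger>[^\]]+)\] "
                   r"\((?P<thread>[^)]+)\) ?(?P<msg>.*)", re.S)
# The Krb5LoginModule debug dump mixes "key is value" and "key value" pairs.
OPTION = re.compile(r"(\w+)(?: is)? (\S+)")

def split_entries(text):
    # Cut before every timestamp+level, then parse each chunk; empty chunks are dropped.
    matches = (ENTRY.match(chunk.strip()) for chunk in ENTRY_START.split(text))
    return [m.groupdict() for m in matches if m]

def triage(text):
    entries = split_entries(text)
    opts, committed, warnings = {}, False, []
    for e in entries:
        if e["msg"].startswith("Debug is "):       # login module option dump
            opts = dict(OPTION.findall(e["msg"]))
        elif e["msg"] == "Commit Succeeded":        # keytab login on the server committed
            committed = True
        elif e["level"] == "WARN" and e["logger"].endswith("SPNEGOAuthenticator"):
            warnings.append(e["msg"])
    return {
        "entries": len(entries),
        "keytab": opts.get("KeyTab"),
        "acceptor_mode": opts.get("isInitiator") == "false",
        "principal_set": opts.get("principal") not in (None, '""'),
        "keytab_login_committed": committed,
        "spnego_warnings": warnings,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this excerpt the keytab login is reported as committed while the only warning comes from the SPNEGO step, which is the split the warning text itself points at (Kerberos and reverse DNS configuration).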

ankar84 commented 4 years ago

SSO with KeyCloak works great for me in RC.Electron client versions 2.15.5-2.17.2 and in modern browsers (Chrome, IE11) on a domain-joined computer. You need to add the KeyCloak URL to the Local Intranet Security Zone in Internet Explorer settings (we used group policies for that).

dzbeda commented 4 years ago

My Setup

  • Operating System: Windows 10

  • App Version: 2.15.3

  • [ ] I have tested with the latest version

  • [x] I can simulate the issue easily

Description

In our integration environment we are trying to switch authentication from keycloak/ldaps to Keycloak/kerberos (openid).

  • Keycloak/ldaps authentication: browser access (Edge or Chrome) works fine, desktop client works fine.
  • Keycloak/kerberos authentication: browser access (Edge or Chrome) works fine, desktop client failed

We can see these logs on Keycloak when it fails:

2019-10-28 17:01:14,368 INFO [stdout] (default task-58) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /etc/keycloak.keytab refreshKrb5Config is false principal is "" tryFirstPass is false useFirstPass is false storePass is false clearPass is false
2019-10-28 17:01:14,368 INFO [stdout] (default task-58) principal is ""
2019-10-28 17:01:14,368 INFO [stdout] (default task-58) Will use keytab
2019-10-28 17:01:14,369 INFO [stdout] (default task-58) Commit Succeeded
2019-10-28 17:01:14,369 INFO [stdout] (default task-58)
2019-10-28 17:01:14,370 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-58) GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration

Did you ever face this problem?

Thanks for your support.

Regards.

Hi, did you find the problem?

jeanfbrito commented 2 years ago

Please test whether the latest release solved this. If not, please reopen the issue or create a new one and tell us. I will be closing this one for now.

Thank you!