SciCatProject / backend-v3

SciCat Data Catalogue Backend
https://scicatproject.github.io/documentation/
BSD 3-Clause "New" or "Revised" License

Can't connect using Keycloak OIDC #681

Open ozSoleil opened 2 years ago

ozSoleil commented 2 years ago

Issue Name

Can't connect using Keycloak OIDC

Summary

Hi everyone, @nitrosx, I am trying to set up scicat for use at Soleil with Keycloak OIDC login enabled, but I get an error after the authentication part.

Steps to Reproduce

Current Behaviour

I don't get correctly redirected and instead get a 500 error message in the browser. When I look into my backend container I get this error: (image)

Expected Behaviour

Authentication succeeded and redirected to user page

Extra Details

Providers.json:

    "keycloak": {
      "provider": "oidc",
      "authScheme": "openid connect",
      "module": "/usr/src/app/server/boot/oidcCompatibleStrategy",
      "authPath": "/auth/keycloak",
      "successRedirect": "https://catanie-test.synchrotron-soleil.fr/user",
      "failureRedirect": "https://catanie-test.synchrotron-soleil.fr/login",
      "failureFlash": true,
      "session": false,
      "issuer": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat",
      "authorizationURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/auth",
      "tokenURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/token",
      "userInfoURL": "https://ispyb3.synchrotron-soleil.fr/auth/realms/scicat/protocol/openid-connect/userinfo",
      "clientID": "xxxxxxxxxxxxxx",
      "clientSecret": "xxxxxxxxxxxxxx",
      "callbackURL": "https://catamel-test.synchrotron-soleil.fr/auth/keycloak/callback",
      "proxy": "http://195.221.0.34:8080",
      "scope": ["email", "profile", "openid"]
    }

I think it's linked to the configuration linked to the keycloak realm that I'm using

dylanmcreynolds commented 2 years ago

I don't know much about KeyCloak. In your providers.json, it looks like you're writing your own strategy ("module": "/usr/src/app/server/boot/oidcCompatibleStrategy"), but I don't see evidence of that in the stack trace, so maybe it's not getting invoked?

Edit, I see that this module is there because of #614 now.

The error message makes me think that passport code is looking for an access_token in the URL that it gets in a redirect from KeyCloak and it's not there. Your image shows part of the URL, but not the full URL.

Looking at scicat/backend/node_modules/passport-openidconnect/lib/strategy.js, I think this is the case.

belfhi commented 2 years ago

@ozSoleil it seems like you're using an older version of the Backend if everything is mounted in /usr/src/app instead of /home/node/app. I'm trying to get Keycloak Auth working, too, and I get a little further. For me it seems like the authentication succeeded and all the information is populated in the user, but then I still get an Authorization Required Error.
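
A static consistency check for an OIDC entry shaped like the providers.json one posted in this issue, as an added example that is not part of the thread or of SciCat's code. The function name `checkOidcProvider`, the example.org hosts and the callback-route rule are assumptions; the endpoint layout is Keycloak's `<issuer>/protocol/openid-connect/...`.

```javascript
// Added example: static checks for one OIDC entry of providers.json.
// Key names are the ones in the issue; the rules themselves are assumptions.
const KEYCLOAK_ENDPOINTS = { authorizationURL: "auth", tokenURL: "token", userInfoURL: "userinfo" };

function checkOidcProvider(p) {
  const problems = [];
  const parse = (key) => {
    try {
      return new URL(p[key]);
    } catch (e) {
      problems.push(`${key}: missing or not an absolute URL`);
      return null;
    }
  };
  const issuer = parse("issuer");
  const callback = parse("callbackURL");
  const urls = { issuer, callbackURL: callback };

  // Keycloak serves a realm's endpoints under <issuer>/protocol/openid-connect/.
  for (const [key, leaf] of Object.entries(KEYCLOAK_ENDPOINTS)) {
    const url = (urls[key] = parse(key));
    if (!url || !issuer) continue;
    const expected = `${issuer.href.replace(/\/$/, "")}/protocol/openid-connect/${leaf}`;
    if (url.href !== expected) problems.push(`${key}: expected ${expected}`);
  }
  // Codes, tokens and the client secret travel over these URLs.
  for (const [key, url] of Object.entries(urls)) {
    if (url && url.protocol !== "https:") problems.push(`${key}: not https`);
  }
  // Assumption: the callback route is callbackPath, or authPath + "/callback".
  const route = p.callbackPath || `${p.authPath}/callback`;
  if (callback && callback.pathname !== route) {
    problems.push(`callbackURL: path ${callback.pathname} does not match route ${route}`);
  }
  if (!Array.isArray(p.scope) || !p.scope.includes("openid")) {
    problems.push('scope: must include "openid"');
  }
  return problems;
}

// Constructed sample (example.org hosts): the token URL points at another realm.
const sample = {
  authPath: "/auth/keycloak",
  issuer: "https://idp.example.org/auth/realms/scicat",
  authorizationURL: "https://idp.example.org/auth/realms/scicat/protocol/openid-connect/auth",
  tokenURL: "https://idp.example.org/auth/realms/master/protocol/openid-connect/token",
  userInfoURL: "https://idp.example.org/auth/realms/scicat/protocol/openid-connect/userinfo",
  callbackURL: "https://backend.example.org/auth/keycloak/callback",
  scope: ["email", "profile", "openid"],
};
console.log(checkOidcProvider(sample));
```

An empty result only means the entry is internally consistent; it does not confirm that the realm's client settings in Keycloak match it.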