Closed belfhi closed 2 years ago
I am getting the same error when following the tutorial for google OIDC: https://scicatproject.github.io/documentation/Development/OIDC.html This is with docker.
So. I looked into the code and:
server/server.js lines 20+
```javascript
// express sessions are required for passport ocid. If your
// config.Local has a session for the expressionSecret, configure
// express-session
if (configLocal.expressSessionSecret) {
  var session = require("express-session");
  app.use(session({
    secret: configLocal.expressSessionSecret,
    resave: false,
    saveUninitialized: true
  }));
}
```
So it seems like `expressSessionSecret` needs to be set in `config.local.js`.
A first test confirms that and now gives different errors
Unhandled error for request GET /api/v3/Users/62fb4944304d14f82fc002cb: Error: Authorization Required
but the Keycloak part seems to be working.
Cheers
That worked for me as well. @belfhi maybe we should keep this issue open so that we can request for better documentation in the tutorial about setting the express session secret?
Never mind. It looks like it is in the documentation.
Yes, my PR was merged after I found out about the issue 😅
Do you know what solved this: `/api/v3/Users/62fb4944304d14f82fc002cb: Error: Authorization Required`?
Try this callback function
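```javascript
"use strict";

// Login callback for the OIDC provider: copies the `groups` and `email`
// values from the provider profile into the stored identity profile.
exports.accessGroupsToProfile = function (req, done) {
  return function (err, user, identity, token) {
    // On a failed login there is no identity to update.
    if (err || !identity) {
      return done(err, user);
    }
    identity.updateAttributes({
      "profile": {
        accessGroups: identity.profile._json.groups,
        email: identity.profile._json.email,
        ...identity.profile
      },
      "credentials": null // clear the stored provider credentials
    });
    var authInfo = {
      identity: identity
    };
    if (token) {
      authInfo.accessToken = token;
    }
    done(err, user, authInfo);
  };
};
```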
In Keycloak you need to map the users' groups to the `groups` claim and then login should work. Don't forget to reference the function in the `providers.json` file.
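The callback above copies the `groups` claim straight into `accessGroups`, so a missing or oddly shaped claim ends up in the stored profile unchanged. The following is an added example, not code from this thread or from SciCat: a hypothetical helper `normalizeGroupsClaim` and a hypothetical `buildProfile` that produce a clean string array before the profile is stored. The sample profile is constructed, and stripping the leading slash assumes Keycloak's group mapper has "Full group path" enabled.

```javascript
"use strict";

// Hypothetical helper (not part of SciCat): turn the raw `groups` claim into
// a de-duplicated array of non-empty strings suitable for `accessGroups`.
function normalizeGroupsClaim(claim, opts) {
  // Assumption: group names are stored without the leading "/" that Keycloak
  // emits when "Full group path" is on. Pass {stripLeadingSlash: false} to keep it.
  const strip = !opts || opts.stripLeadingSlash !== false;
  if (claim === undefined || claim === null) {
    return []; // claim not mapped in the IdP: no groups, not a crash
  }
  const raw = Array.isArray(claim) ? claim : [claim]; // accept a single string too
  const seen = new Set();
  for (const entry of raw) {
    if (typeof entry !== "string") continue; // drop numbers, objects, null
    let name = entry.trim();
    if (strip) name = name.replace(/^\/+/, "");
    if (name.length === 0 || name.length > 255) continue;
    seen.add(name);
  }
  return Array.from(seen);
}

// Hypothetical: build the profile object the login callback would store.
// The computed fields come after the spread, so a key named `accessGroups`
// or `email` already present on the profile cannot override them.
function buildProfile(oidcProfile) {
  const json = (oidcProfile && oidcProfile._json) || {};
  return {
    ...oidcProfile,
    accessGroups: normalizeGroupsClaim(json.groups),
    email: typeof json.email === "string" ? json.email : undefined,
  };
}

// Constructed sample, shaped like `identity.profile` in the callback above.
const sampleProfile = {
  id: "constructed-user-id",
  accessGroups: ["injected"],
  _json: {
    email: "user@example.org",
    groups: ["/ess", " /ess/users ", 42, "", "/ess"],
  },
};

console.log(buildProfile(sampleProfile).accessGroups);
```
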
OIDC Login fails
Summary
I set up scicat in a kubernetes deployment and want to use Keycloak as OIDC auth provider. I turned off the login fields and configured the paths in the frontend and the provider in `providers.json` but when I click on the `sign in with Keycloak` button I get a 500 Internal Server Error:
Steps to Reproduce
my `providers.json` snippet is:
Current Behaviour
no redirect to Keycloak, but internal server error.
Expected Behaviour
redirect to OIDC Provider (Keycloak) and after successful authentication redirect back to scicat.