bleumink / streamlit-keycloak

User authentication and single sign-on in your Streamlit app using Keycloak
MIT License

Cannot connect to Keycloak: Unable to connect to Keycloak using the current configuration #8

Closed johanneswerner closed 1 year ago

johanneswerner commented 1 year ago

Hello and thank you for designing the keycloak integration for streamlit. I have however problems getting it running.

I am getting the same error message as described in #6: Unable to connect to Keycloak using the current configuration

Small differences in my setup

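from streamlit_keycloak import login

def main():
    ...

# url, realm and client_id must match the Keycloak client configuration
keycloak = login(
    url="https://<someurl>.com",
    realm="newrealm",
    client_id="newclientid",
)

if keycloak.authenticated:
    main()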

I do not run keycloak locally but instead it runs on a cloud instance, therefore https (and no explicit port mentioning). My streamlit application also runs on a cloud instance, therefore the Valid Redirect URI is set to http://<IP>:8501. Setting the Web Origin to * leads to the same result as described above.

I also confirmed the correct name of the realm in the json export under "Installation" in the Clients pane under the Installation tab, and the correct name for the client_id in the Settings tab.

Is there any possibility to get more information about why the connection fails (e.g. unable to find keycloak server, unknown realm, unknown client id, etc.)?

Thank you very much for your help!

bleumink commented 1 year ago

Whoops, accidentally closed this.

Hi Johannes, thanks for giving this package a shot. I have had a look at what you described. When you get the 'unable to connect' message, this means that the initialization function from the keycloak javascript library fails. This generally happens when Keycloak is misconfigured somewhere.

I believe the Redirect URI should be the external url, so something like https://<someurl>.com/*. The redirecting happens in the browser, so the url you see there should be valid. Let me know if this helps.

I think your suggestion for more error logging is a great idea, so I improved that in a new branch. I haven't figured out how to catch problems with the redirect uris though, so this wouldn't help in this case.
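The Redirect URI and Web Origin settings discussed above can be checked offline before touching the Keycloak admin console. This is an added example, not code from streamlit-keycloak or Keycloak: `redirect_allowed`, `origin_allowed` and `review_client` are hypothetical helpers, the matching rule is a simplified model of Keycloak's behaviour (exact match, or prefix match when the entry ends in `*`), and the hosts are constructed.

```python
from urllib.parse import urlsplit

def redirect_allowed(redirect_uri, valid_redirect_uris):
    """Simplified model (assumption): exact match, or prefix match for a trailing '*'."""
    candidate = redirect_uri.split("#", 1)[0].split("?", 1)[0]
    for pattern in valid_redirect_uris:
        if pattern.endswith("*"):
            prefix = pattern[:-1]
            # "https://host/*" also covers "https://host" without the slash
            if candidate.startswith(prefix) or candidate == prefix.rstrip("/"):
                return True
        elif candidate == pattern:
            return True
    return False

def origin_of(uri):
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.netloc}"

def origin_allowed(origin, web_origins, valid_redirect_uris):
    """Web Origins: '*' allows any origin, '+' derives origins from the redirect URIs."""
    for entry in web_origins:
        if entry == "*" or entry == origin:
            return True
        if entry == "+" and any(origin_of(p) == origin for p in valid_redirect_uris):
            return True
    return False

def review_client(browser_url, valid_redirect_uris, web_origins):
    """Return findings for the URL the user sees in the browser address bar."""
    findings = []
    if not redirect_allowed(browser_url, valid_redirect_uris):
        findings.append("redirect_uri_rejected")
    if not origin_allowed(origin_of(browser_url), web_origins, valid_redirect_uris):
        findings.append("origin_rejected")
    if "*" in web_origins or "*" in valid_redirect_uris:
        findings.append("wildcard_too_broad")  # any site would be accepted
    return findings

if __name__ == "__main__":
    # Constructed case: app reached at an external HTTPS name, client lists the instance IP
    print(review_client("https://app.example.com/",
                        ["http://203.0.113.10:8501/*"], ["*"]))
    # Corrected client: external URL as redirect URI, origins derived with '+'
    print(review_client("https://app.example.com/",
                        ["https://app.example.com/*"], ["+"]))
```
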

johanneswerner commented 1 year ago

Thank you very much for your support and the release of the package v.1.0.1.

I looked at the improved logging and can report more insight now.

This happens in the app (when running streamlit run Home.py).

image

The terminal shows the following output:

2023-01-10 08:28:31.695 ComponentRequestHandler: GET streamlit_keycloak.keycloak/build/bundle.js read error
Traceback (most recent call last):
  File "/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit/web/server/component_request_handler.py", line 55, in get
    with open(abspath, "rb") as file:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit_keycloak/frontend/public/build/bundle.js'

I checked the specific folder and it does not include the file bundle.js - instead this is the output of the folder:

$ tree ./venv/lib/python3.10/site-packages/streamlit_keycloak/
./venv/lib/python3.10/site-packages/streamlit_keycloak/
├── __init__.py
├── __pycache__
│   └── __init__.cpython-310.pyc
└── frontend
    └── public
        ├── bootstrap.min.css
        ├── check-sso.html
        ├── index.html
        └── login.html

Do you have any idea why the file bundle.js is missing?

I also checked in your repository under the respective tag: https://github.com/bleumink/streamlit-keycloak/tree/v1.0.1/streamlit_keycloak/frontend/public

and here the file bundle.js is also not present. Does this provide you any clue?

Thank you so much for your help with that.

bleumink commented 1 year ago

Hi Johannes,

Are you working from a clone of the repo? In that case you first have to build the frontend component. Make sure you have Nodejs installed (tested for Nodejs 16) and then do the following:

cd streamlit_keycloak/frontend
npm install
npm run build

Then the bundle.js should be where you expect it. If you use the package from pip, you don't have to worry about this. Have you had any luck with setting the external url as a valid redirect uri in the Client configuration?

johanneswerner commented 1 year ago

I installed the repo with pip, or more precisely with the following command:

pip install git+https://github.com/bleumink/streamlit-keycloak

which resulted in version 1.0.1 (and then I received the error I described above).

With respect to the redirect URI: I am building a streamlit app on AWS, therefore I set the redirect URI to http://<instance IP>:8501/*.

I first thought I made an error with the security groups, however now I am getting more error messages than earlier:

2023-01-10 14:11:34.114 ComponentRequestHandler: GET streamlit_keycloak.keycloak/build/bundle.css read error
Traceback (most recent call last):
  File "/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit/web/server/component_request_handler.py", line 55, in get
    with open(abspath, "rb") as file:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit_keycloak/frontend/public/build/bundle.css'
2023-01-10 14:11:34.148 ComponentRequestHandler: GET streamlit_keycloak.keycloak/build/bundle.js read error
Traceback (most recent call last):
  File "/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit/web/server/component_request_handler.py", line 55, in get
    with open(abspath, "rb") as file:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit_keycloak/frontend/public/build/bundle.js'
2023-01-10 14:11:34.181 ComponentRequestHandler: GET streamlit_keycloak.keycloak/bootstrap.min.css.map read error
Traceback (most recent call last):
  File "/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit/web/server/component_request_handler.py", line 55, in get
    with open(abspath, "rb") as file:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ubuntu/keycloak-project/venv/lib/python3.10/site-packages/streamlit_keycloak/frontend/public/bootstrap.min.css.map'

johanneswerner commented 1 year ago

Okay, my apologies, I reinstalled it (not directly from git) and now my output has changed a bit:

This comes from the web interface:

Unable to connect to Keycloak using the current configuration.
Timeout when waiting for 3rd party check iframe message.

whereas the command line reports that bootstrap.min.css.map could not be found.

bleumink commented 1 year ago

It appears that streamlit can't connect to your Keycloak instance and then times out. Make sure that the url you are providing to the login function is where Keycloak is running and the proper ports are exposed and forwarded. If you paste that exact url in your browser do you then end up at some Keycloak administrative page?

When this is working, set the redirect uri to the external url where you will be hosting your app.

P.S. I ran into some issues while developing locally in Firefox with a remote Keycloak server. Still figuring out what is causing this, but had no issues when everything is deployed or using Chrome or Edge. Just so you know.
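One way to get the finer-grained diagnosis asked for earlier in the thread (server unreachable, unknown realm, wrong base path) is to probe the realm's OpenID Connect discovery document with the same `url` and `realm` passed to `login`. This is an added example, not part of streamlit-keycloak: `diagnose`, `http_get` and `sample_fetch` are hypothetical helpers, `sso.example.com` is a constructed host, and the `/auth` fallback assumes an older Keycloak distribution that serves under that prefix.

```python
import json
import urllib.error
import urllib.request

WELL_KNOWN = "/realms/{realm}/.well-known/openid-configuration"

def http_get(url, timeout=5):
    """Default fetcher: returns (status, body); raises OSError if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # server answered with 4xx/5xx
        return err.code, ""

def diagnose(url, realm, fetch=http_get):
    """Classify why the url/realm pair given to login() may not resolve."""
    base = url.rstrip("/")
    for prefix, label in (("", "ok"), ("/auth", "needs_auth_prefix")):
        target = base + prefix + WELL_KNOWN.format(realm=realm)
        try:
            status, body = fetch(target)
        except OSError as err:  # DNS failure, refused connection, TLS error, timeout
            return "server_unreachable", str(err)
        if status != 200:
            continue
        try:
            issuer = json.loads(body)["issuer"]
        except (ValueError, KeyError, TypeError):
            return "not_keycloak", target  # 200, but not a discovery document
        if issuer != base + prefix + "/realms/" + realm:
            return "issuer_mismatch", issuer  # Keycloak advertises another external URL
        return label, issuer
    return "realm_not_found", base

# Constructed sample: an older server that only answers under /auth
SAMPLE_PAGES = {
    "https://sso.example.com/auth" + WELL_KNOWN.format(realm="newrealm"):
        json.dumps({"issuer": "https://sso.example.com/auth/realms/newrealm"}),
}

def sample_fetch(url):
    return (200, SAMPLE_PAGES[url]) if url in SAMPLE_PAGES else (404, "")

if __name__ == "__main__":
    print(diagnose("https://sso.example.com", "newrealm", sample_fetch))
    print(diagnose("https://sso.example.com", "typo", sample_fetch))
```

Calling `diagnose(url, realm)` without the `fetch` argument uses the real network fetcher from the machine it runs on; the browser must also be able to reach the same URL.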

johanneswerner commented 1 year ago

Thank you for all your help, could unfortunately not figure out where the problem is. Keycloak is available via the browser but my app still cannot establish a connection to Keycloak. Need to postpone this issue to a later time. Thanks again.

bleumink commented 1 year ago

No worries, if you are still having issues with this in the future, I'll be happy to help again. Closing this for now.

One final thought: did you set the client access type to public?