last version not working correctly with keycloak oauth/oidc

conwetlab / ckanext-oauth2

OAuth2 support for CKAN

GNU Affero General Public License v3.0

25 stars 56 forks source link

last version not working correctly with keycloak oauth/oidc #12

Open chicco785 opened 6 years ago

chicco785 commented 6 years ago

when try to retrieve the profile it generate a request that is invalid according to keycloak, previous build up to the on that introduced testing 2.7.3 where fine

aarranz commented 6 years ago

Hi @chicco785,

Would you mind doing a test with the current version? (I am missing a keycloack server to test)

Best regards.

chicco785 commented 6 years ago

hi alvaro, i will check later today or tomorrow and let you know.

i was thinking also to have a mechanism (if i find the time to make a pr) to add users on ckan organisation based on a mapping to profile field (not being this "official" the mapping has to be "dynamic")

federico

aarranz commented 6 years ago

@chicco785

ping 😄

ansh1221 commented 5 years ago

Hi, @fdelavega @aarranz while using the settings: ckan.oauth2.register_url = https://account.lab.fiware.org/users/sign_up and clicking on Register, it doesn't redirect to correct location, while the correct url is https://account.lab.fiware.org/sign_up/. After changing the value in ckan.oauth2.register_url = https://account.lab.fiware.org/sign_up, it still redirects to the above URL, i.e. the incorrect one.

Can you please suggest what can we do for the same.

fdelavega commented 5 years ago

Hi, We are now working on the integration with Keycloak includin support for JWT, will provide documentation on how to configure it in the following days

fdelavega commented 5 years ago

Hi @ansh1221 are you using a local deployment or using the docker one? Check if the environment variables are setup as they have more priority than the production.ini settings

ansh1221 commented 5 years ago

Hi @fdelavega I am using a docker one only. However, I have cross verified the settings provided. One more thing sir, can we have keyrock proxied with nginx reverse-proxy, i.e. I want to access fiware keyrock using Nginx reverse proxy onlocation /idm ? is it possible to do so? for eg: when I hit the url https://nginx-ip/idm in the browser, I should be able to access idm.

ansh1221 commented 5 years ago

Hi @fdelavega I am using a docker one only. However, I have cross verified the settings provided. One more thing sir, can we have keyrock proxied with nginx reverse-proxy, i.e. I want to access fiware keyrock using Nginx reverse proxy onlocation /idm ? is it possible to do so? for eg: when I hit the url https://nginx-ip/idm in the browser, I should be able to access idm.

Hi @fdelavega sir, can you suggest me some help in it ??

giangduong commented 4 years ago

Version 0.7.0 not working correctly with keycloak 10.0.2 (oauth/oidc) and CKAN 2.8.4.

Steps:

go to http://ckan.site/user/login. It will redirect to https://keycloak.site
Log in successful from keycloak and get back to CKAN callback url (/oauth2/callback)
CKAN: user not logged in.