cosmocode / dokuwiki-plugin-oauth

Generic oAuth1 and oAuth2 plugin for DokuWiki
http://www.dokuwiki.org/plugin:oauth

"Unable to parse response." when adding group mapping in keycloak #57

Closed yennor closed 6 years ago

yennor commented 6 years ago

I tried to add a group mapping in Keycloak. The result in DokuWiki is a message "Unable to parse response." The stack trace is:

```
0 /var/www/html/wiki/lib/plugins/oauth/phpoauthlib/src/OAuth/OAuth2/Service/AbstractService.php(120): OAuth\OAuth2\Service\Generic->parseAccessTokenResponse('<!DOCTYPE html ...')
1 /var/www/html/wiki/lib/plugins/oauth/classes/AbstractAdapter.php(107): OAuth\OAuth2\Service\AbstractService->requestAccessToken('eyJhbGciOiJkaXI...', NULL)
2 /var/www/html/wiki/lib/plugins/oauth/auth.php(96): OAuth\Plugin\AbstractAdapter->checkToken()
3 /var/www/html/wiki/inc/auth.php(101): auth_plugin_oauth->trustExternal('', '', false)
4 /var/www/html/wiki/inc/init.php(223): auth_setup()
5 /var/www/html/wiki/doku.php(34): require_once('/var/www/html/w...')
6 {main}
```

When I remove the group mapping, logging in works again.

yennor commented 6 years ago

After more debugging than I wanted to, I've got it working (some more documentation about that would be great). When you add a new group mapper in Keycloak, set the following attributes:

- Mapper Type: “group membership”
- Token Claim Name: “groups”
- Full group paths: off
- Add to id token: off
- Add to access token: off
- Add to userinfo: on

Then it works. Don't get confused if the groups which are stored in the user.php file are missing the groups from Keycloak. Those groups get assigned on logging in and merged onto the group array (e.g. they only exist in memory), but permissions and stuff on them work.
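Because the `groups` claim from the identity provider ends up driving wiki permissions, it is worth validating before it is merged into the in-memory group list. The sketch below is an added example, not code from dokuwiki-plugin-oauth or from the comments above. The function names, the sample userinfo body and the name-cleaning rule (a simplified stand-in for the wiki's own group-name cleaning) are assumptions.

```php
<?php
// Added example; function names are hypothetical, not part of dokuwiki-plugin-oauth.

/**
 * Extract usable group names from a raw userinfo response body.
 * Assumes the mapper settings from the thread: claim name "groups",
 * full group paths off, claim delivered through userinfo only.
 */
function externalGroups(string $userinfoBody, string $claim = 'groups'): array
{
    $data = json_decode($userinfoBody, true);
    if (!is_array($data)) {
        // A body that is not JSON (for example an HTML error page) ends up here.
        throw new RuntimeException('userinfo response is not JSON');
    }
    $raw = $data[$claim] ?? [];
    if (!is_array($raw)) {
        return []; // claim has an unexpected type: grant no external groups
    }
    $groups = [];
    foreach ($raw as $name) {
        // Skip non-strings and path-style values ("/parent/child"). Collapsing a
        // path to its last segment could map two different Keycloak groups onto
        // one wiki group, so such values are ignored rather than guessed at.
        if (!is_string($name) || $name === '' || strpos($name, '/') !== false) {
            continue;
        }
        // Assumed cleaning rule: lower-case, replace other characters with "_".
        $groups[] = strtolower((string) preg_replace('/[^A-Za-z0-9_.-]+/', '_', $name));
    }
    return array_values(array_unique($groups));
}

/** Merge external groups into the locally stored ones, for this session only. */
function mergeGroups(array $localGroups, array $external): array
{
    return array_values(array_unique(array_merge($localGroups, $external)));
}

// Constructed sample userinfo body (not captured from a real server).
$body = '{"sub":"constructed-id","preferred_username":"alice",'
      . '"groups":["editors","Wiki Admins","/nested/path",42]}';
print_r(mergeGroups(['user'], externalGroups($body)));
```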