cuzy-app / auth-keycloak

Keycloak Sign-In

OIDC integration failure #5

Closed buglessdr closed 1 year ago

buglessdr commented 2 years ago

Hello,

I have installed Keycloak 17.0.1 and HumHub 1.9 and received the following error after checking "Enable this Auth client". The directions seem pretty straightforward. I used Docker to set up everything. When I turn on the module I get the following error in Firefox/Chrome: too many redirects

From the error logs I get the following:

2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][error][yii\base\InvalidArgumentException] yii\base\InvalidArgumentException: The file or directory to be published does not exist: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php:461

Stack trace:

#0 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(185): yii\web\AssetManager->publish()

#1 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(288): yii\web\AssetBundle->publish()

#2 /var/www/localhost/htdocs/protected/humhub/components/AssetManager.php(66): yii\web\AssetManager->loadBundle()

#3 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php(259): humhub\components\AssetManager->loadBundle()

#4 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/View.php(287): yii\web\AssetManager->getBundle()

#5 /var/www/localhost/htdocs/protected/humhub/modules/ui/view/components/View.php(193): yii\web\View->registerAssetBundle()

#6 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetBundle.php(125): humhub\modules\ui\view\components\View->registerAssetBundle()

#7 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/widgets/AuthChoice.php(267): yii\web\AssetBundle::register()

#8 /var/www/localhost/htdocs/protected/humhub/modules/user/widgets/AuthChoice.php(113): yii\authclient\widgets\AuthChoice->init()

#9 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/BaseObject.php(109): humhub\modules\user\widgets\AuthChoice->init()

#10 [internal function]: yii\base\BaseObject->__construct()

#11 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(412): ReflectionClass->newInstanceArgs()

#12 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/di/Container.php(171): yii\di\Container->build()

#13 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/BaseYii.php(365): yii\di\Container->get()

#14 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Widget.php(138): yii\BaseYii::createObject()

#15 /var/www/localhost/htdocs/protected/humhub/modules/user/views/auth/login.php(38): yii\base\Widget::widget()

#16 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(348): require('/var/www/localh...')

#17 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(257): yii\base\View->renderPhpFile()

#18 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/View.php(156): yii\base\View->renderFile()

#19 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(410): yii\base\View->render()

#20 /var/www/localhost/htdocs/protected/humhub/modules/user/controllers/AuthController.php(126): yii\base\Controller->render()

#21 [internal function]: humhub\modules\user\controllers\AuthController->actionLogin()

#22 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array()

#23 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(181): yii\base\InlineAction->runWithParams()

#24 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Module.php(534): yii\base\Controller->runAction()

#25 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/Application.php(104): yii\base\Module->runAction()

#26 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Application.php(392): yii\web\Application->handleRequest()

#27 /var/www/localhost/htdocs/index.php(25): yii\base\Application->run()

#28 {main}

2022-07-26 04:52:59 [172.17.0.1][-][2de6ald0blure7fq5m228deja3][info][application] $_GET = []

marc-farre commented 2 years ago

The error you have is:

The file or directory to be published does not exist: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/AssetManager.php:461

Could you check you have this directory on your server: /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/authclient/assets?

buglessdr commented 2 years ago

I do not. [image]

buglessdr commented 2 years ago

Not sure if this is helpful - but these are the commands I used to start the containers.

docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:18.0.2 start-dev

docker run -d --name humhub_db -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=humhub mariadb:10.2

docker run -d --name humhub -p 80:80 --link humhub_db:db mriedmann/humhub:stable

buglessdr commented 2 years ago

Did an upgrade to HumHub 1.11.4 and Keycloak 18.0.2 and was able to make a little more progress; however, I have encountered a new error:

Next yii\httpclient\Exception: fopen(http://localhost:8080/realms/master/protocol/openid-connect/token): failed to open stream: Address not available in /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-httpclient/src/StreamTransport.php:68

Stack trace:

0 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-httpclient/src/Client.php(233): yii\httpclient\StreamTransport->send()

1 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-httpclient/src/Request.php(445): yii\httpclient\Client->send()

2 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/BaseOAuth.php(231): yii\httpclient\Request->send()

3 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/OAuth2.php(149): yii\authclient\BaseOAuth->sendRequest()

4 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/AuthAction.php(421): yii\authclient\OAuth2->fetchAccessToken()

5 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/AuthAction.php(232): yii\authclient\AuthAction->authOAuth2()

6 /var/www/localhost/htdocs/protected/humhub/modules/user/authclient/AuthAction.php(38): yii\authclient\AuthAction->auth()

7 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2-authclient/src/AuthAction.php(216): humhub\modules\user\authclient\AuthAction->auth()

8 [internal function]: yii\authclient\AuthAction->run()

9 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Action.php(93): call_user_func_array()

10 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Controller.php(178): yii\base\Action->runWithParams()

11 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Module.php(552): yii\base\Controller->runAction()

12 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/web/Application.php(103): yii\base\Module->runAction()

13 /var/www/localhost/htdocs/protected/vendor/yiisoft/yii2/base/Application.php(384): yii\web\Application->handleRequest()

14 /var/www/localhost/htdocs/index.php(25): yii\base\Application->run()

15 {main}

2022-07-26 23:26:29 [172.17.0.1][-][7tjiruh8rus0fngdc3pve25gjh][info][application] $_GET = [

'authclient' => 'Keycloak'
'state' => '75400b4152e5c01e72e0b161ac86dc463289052574354928dd6cae271a5d2a35'
'session_state' => '546e2ee9-c55b-4405-b128-6a0d47517d2d'
'code' => '94742197-a024-4deb-9780-14fdf7c16b7d.546e2ee9-c55b-4405-b128-6a0d47517d2d.d4b2bb8d-f4c6-42a5-b559-3e546c30bb1f'

]

I was able to validate with Postman that I can hit the URL and successfully return a token with it (I did have to make a change to scopes to be able to do it).

marc-farre commented 2 years ago

Great. I cannot tell, the error is that http://localhost:8080/realms/master/protocol/openid-connect/token is not reachable. This URL is your Keycloak, but I really don't know why it cannot be read. Perhaps the Keycloak URL should be on HTTPS? You could also try with another app (WordPress or other) if your Keycloak is working correctly.

ArchBlood commented 2 years ago

@funkycram see https://github.com/humhub-contrib/auth-google/issues/5 for a similar issue.

marc-farre commented 2 years ago

Thanks @ArchBlood but I think the problem is the URL. @buglessdr Could you go to the Keycloak administration -> Realm settings -> click on "OpenID Endpoint Configuration" and check the token_endpoint URL? If it starts with http://localhost:8080/auth/master/... then in the Keycloak settings (in Humhub), in the field Base URL you should have http://localhost:8080/auth.

buglessdr commented 2 years ago

That was it! Thanks!
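
The check that resolved this issue, as an added example (not part of the thread and not code from the auth-keycloak module): derive the Base URL from the `token_endpoint` advertised in the realm's discovery document and compare it with the value configured in HumHub. The discovery document below is a constructed sample, and the function names and finding labels are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a realm discovery document
# (<base>/realms/<realm>/.well-known/openid-configuration), trimmed to the fields used.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://localhost:8080/realms/master",
    "token_endpoint":
        "http://localhost:8080/realms/master/protocol/openid-connect/token",
})

TOKEN_SUFFIX = "/protocol/openid-connect/token"
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def base_url_from_discovery(discovery_json):
    """Return (base_url, realm) derived from the advertised token_endpoint."""
    endpoint = json.loads(discovery_json)["token_endpoint"]
    if not endpoint.endswith(TOKEN_SUFFIX):
        raise ValueError("unexpected token_endpoint: " + endpoint)
    realm_url = endpoint[: -len(TOKEN_SUFFIX)]
    base, sep, realm = realm_url.rpartition("/realms/")
    if not sep or not realm or "/" in realm:
        raise ValueError("no /realms/<realm> segment in: " + endpoint)
    return base, realm


def check_base_url(configured, discovery_json):
    """Return a list of (label, detail) findings; empty means the setting matches."""
    expected, realm = base_url_from_discovery(discovery_json)
    findings = []
    if configured.rstrip("/") != expected:
        findings.append(("base-url-mismatch",
                         "use %s for realm %s, not %s" % (expected, realm, configured)))
    parts = urlsplit(expected)
    if parts.hostname in LOOPBACK_HOSTS:
        # The token request is made server-side (OAuth2->fetchAccessToken in the
        # trace), so a loopback host is resolved inside the HumHub container.
        findings.append(("loopback-endpoint", parts.hostname))
    if parts.scheme != "https":
        findings.append(("plaintext-endpoint", parts.scheme))
    return findings


if __name__ == "__main__":
    for label, detail in check_base_url("http://localhost:8080/auth", SAMPLE_DISCOVERY):
        print(label + ": " + detail)
```

The same function handles a deployment that serves Keycloak under a path prefix such as `/auth`, because it keeps whatever precedes `/realms/<realm>` as the Base URL.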