goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0

Invalid Username or Password while trying to authenticate via OIDC provider(Keycloak) #20720

Open samratdgreat opened 1 month ago

samratdgreat commented 1 month ago

I am using Keycloak as an authentication tool for my applications like Rancher, Harbor, and Grafana. However, if I try to log in to Harbor by providing the certs, I get 'Invalid Username or Password'. On the other hand, when I log in through other applications like Rancher or Grafana by providing the same cert, I am able to authenticate successfully with Keycloak and then can access Harbor without issues.

To be precise, I deployed Harbor using Helm (v2.9.0) and configured its OIDC settings to integrate with Keycloak in an rke2 cluster. On the Keycloak side, I have created the client ID for all those applications.

I get 'Connection to OIDC server is verified' when I click on Test OIDC Server as mentioned in the document below. https://goharbor.io/docs/1.10/administration/configure-authentication/oidc-auth/

This is the error log:

org.keycloak.events.jpa.EventEntity{clientId=harbor, realmID=proj, ipAddress=127.0.0.1, id = 52453..., sessionId=null, time=1720535234, error=invalid_user_credentials, type=LOGIN_ERROR, userId=null, detailsJson={"auth_method":"openid-connect","auth type":"code","response_type":"code","redirect_uri":"<harbor.testenv.com/c/oidc/callback>", "code_id":"42352345","response_mode":"query"}}

samratdgreat commented 1 month ago

Additional error log:

x509 certificate is not available for mutual SSL. Unable to retrieve the 'x509_cert_subject_distinguished_name' from the session mode.

So it means the userDn=null

stonezdj commented 1 month ago

Harbor doesn't verify the username and password; it just redirects the login request to the auth provider. If it is an issue related to Harbor, could you please provide the harbor-core log from when the login failed?