Open trugwaldsaenger opened 3 years ago
Maybe @dr0i can see some more specific errors in server logs. I can't fix things on server and it seems like a possible server configuration issue.
From the logs:
[auth_openidc:error] [pid 29943] [client xxx ] oidc_util_json_string_print: oidc_util_check_json_error: response contained an "error_description" entry with value: ""Invalid client secret"", ...
Doing a bit of research, seems keycloak's security mechanism. I couldn't find any hint in the configs, revisions nor copies. Is this somehow tied to the SSL cert of the domain (cert was updated last month or so)?
Did a shot in the dark by configuring OIDC_*
in oerworldmap/conf/vhost.conf
to the same values used at production.
Please test this.
It didn't help. I'm still getting the same error.
I have set the OIDC_CLIENT_SECRET in conf/vhost.conf
to the value found in:
https://beta.oerworldmap.org/auth ->Clients->account->Credential
I did register to test this myself. Login seems ok. But I got new error:
oidc_util_jwt_verify: parsing JWT failed: [src/jose.c:694: oidc_jwe_decrypt_impl]: encrypted JWT could not be decrypted with any of the 1 keys: error for last tried key is: crypto error
Seems related to https://stackoverflow.com/questions/61240827/mod-auth-openidc-and-cilogon. Is this an issue for you or is this ok ?
I could login with an existing user as well as register a new user. I did not receive the new error you mentioned. So from my side things look OK at the moment :-) !
I will ask some colleagues to do some additional testing...
I can login on beta now without errors. So I think for beta testing this is OK now. Thank you @dr0i .
@trugwaldsaenger in the future, we'll probably need to reinvest into deeper understanding of Keycloak (or once again move to a different identity provider)
Unable to login to beta. When trying to login I receive the message "Error:OpenID Connect Provider error: Error in handling response type."