search

loculus-project / loculus

An open-source software package to power microbial genomic databases
https://loculus.org
GNU Affero General Public License v3.0
37 stars 2 forks source link

wip: Keycloak 26 (without keycloakify) #3266

Open corneliusroemer opened 1 day ago

corneliusroemer commented 1 day ago

relates to #1221

preview URL: https://kc26.loculus.org

Summary

Getting keycloak ready, now just waiting for keycloakify. One can already use as is, keycloakify is just for the looks (and the checkbox). Even registration still works!

Screenshot

Can already be used, just the login theme is missing. Everything else looks great.

~Weird that E2E tests fail on this but it works in practice.~ That's because we're using the non-26 ready theme here, stupid me.

{"level":"error","message":"Failed to reach Keycloak server at http://localhost:8083/realms/loculus","timestamp":"2024-11-21T22:48:13.521Z"}
image

PR Checklist

corneliusroemer commented 12 hours ago

Maybe something about our login/cookie fixture setup for E2E is no longer permitted in kc 26:

│ 2024-11-22 00:15:19,453 WARN  [org.keycloak.cookie.DefaultCookieProvider] (executor-thread-4) Non-secure context detected; cookies are not secured, and will not be available in cross-or │
│ igin POST requests                                                                                                                                                                        │
│ 2024-11-22 00:16:57,407 WARN  [org.keycloak.events] (executor-thread-8) type="RESTART_AUTHENTICATION_ERROR", realmId="695644c0-0ed1-48cf-994e-cde060e91d99", realmName="loculus", clientI │
│ d="backend-client", userId="null", ipAddress="10.42.0.1", error="expired_code", restart_after_timeout="true"

Login doesn't seem to work (keycloak itself is fine).

Website logs say this:

{"instance":"LoginMiddleware","level":"debug","message":"Trying to get token and user info from cookie","timestamp":"2024-11-22T00:17:07.486Z"}
{"instance":"LoginMiddleware","level":"debug","message":"Verifying token","timestamp":"2024-11-22T00:17:07.486Z"}
{"instance":"LoginMiddleware","level":"debug","message":"Error verifying token: AggregateError","timestamp":"2024-11-22T00:17:07.488Z"}
{"instance":"LoginMiddleware","level":"info","message":"Error verifying token: ","timestamp":"2024-11-22T00:17:07.488Z"}
{"instance":"LoginMiddleware","level":"debug","message":"Trying to get token and user info from params","timestamp":"2024-11-22T00:17:07.488Z"}
{"instance":"LoginMiddleware","level":"debug","message":"Keycloak callback params: {\"code\":[\"6c27848d-dd9c-4c66-b812-e2d1acbe2fe0.95c84d64-c90a-4957-83a0-987b905500c5.b11df7c0-b788-46a5-9193-66af40528583\",\"335def39-8565-4126-958b-ad07dc6dd7a6.95c84d64-c90a-4957-83a0-987b905500c5.b11df7c0-b788-46a5-9193-66af40528583\"],\"iss\":[\"http://localhost:8083/realms/loculus\",\"http://localhost:8083/realms/loculus\"],\"session_state\":[\"95c84d64-c90a-4957-83a0-987b905500c5\",\"95c84d64-c90a-4957-83a0-987b905500c5\"]}","timestamp":"2024-11-22T00:17:07.488Z"}
{"instance":"LoginMiddleware","level":"debug","message":"Keycloak callback redirect uri: http://localhost:3000/","timestamp":"2024-11-22T00:17:07.489Z"}
{"instance":"LoginMiddleware","level":"info","message":"Keycloak callback error: RPError: iss mismatch, expected http://localhost:8083/realms/loculus, got: [\n  'http://localhost:8083/realms/loculus',\n  'http://localhost:8083/realms/loculus'\n]","timestamp":"2024-11-22T00:17:07.489Z"}
{"instance":"LoginMiddleware","level":"error","message":"Error extracting token cookie from token set","timestamp":"2024-11-22T00:17:07.489Z"}