[Keycloak Error] User cannot be authenticated

[kodok-jr]

can you explain step by step about this? "How to implement my Model?

We registered a new user provider that you configured on config/auth.php called "keycloak-users".

In this same configuration you setted the model. So you can register your own model extending Vizir\KeycloakWebGuard\Models\KeycloakUser class and changing this configuration.

You can implement your own User Provider: just remember to implement the retrieveByCredentials method receiving the Keycloak Profile information to retrieve a instance of model.

Eloquent/Database User Provider should work well as they will parse the Keycloak Profile and make a "where" to your database. So your user data must match with Keycloak Profile."

coz, i have error this [Keycloak Error] User cannot be authenticated

[mariovalney]

Hi.

You can check our own model to create yours: src/Models/KeycloakUser.php.

And the official documentation to understand how authentication works: Authentication.

About your error, check here if you are receiving the Keycloak Profile info.

[kodok-jr]

Illuminate\Contracts\Container\BindingResolutionException Unresolvable dependency resolving [Parameter #0 [ array $profile ]] in class Vizir\KeycloakWebGuard\Models\KeycloakUser

My auth.php

'guards' => [ 'web' => [ 'driver' => 'keycloak-web', 'provider' => 'users', ], ], 'providers' => [ 'users' => [ 'driver' => 'keycloak-users', 'model' => App\User::class, ], ],

My User Model

class User extends KeycloakUser implements MustVerifyEmail { use Notifiable, SoftDeletes, RolevelModelTrait, SingleTableInheritanceTrait;

protected $table = 'users';

/**
 * Single Tables Inheritance
 * =========================
 * extends to model Internal & External
 */
protected static $singleTableTypeField = 'type';
protected static $singleTableSubclasses = [Internal::class, External::class];

/**
 * Get the email address that should be used for verification.
 *
 * @return string
 */
public function getEmailForVerification()
{
    return $this->email;
}
/**
 * Determine if the user has verified their email address.
 *
 * @return bool
 */
public function hasVerifiedEmail()
{
    return ! is_null($this->email_verified_at);
}

/**
 * Mark the given user's email as verified.
 *
 * @return bool
 */
public function markEmailAsVerified()
{
    return $this->forceFill([
        'email_verified_at' => $this->freshTimestamp(),
    ])->save();
}

/**
 * Send the email verification notification.
 *
 * @return void
 */
public function sendEmailVerificationNotification()
{
    $this->notify(new VerifyEmail);
}

/**
 * The attributes that are mass assignable.
 *
 * @var array
 */
protected $fillable = [
    'username', 'email', 'password',
    'name', 'nip', 'nik', 'no_kk',
    'phone', 'address', 'gender', 'avatar',
    'client_type', 'instance_id',
    'is_verified', 'verification_token',
    'type', 'state'
];

/**
 * The attributes that should be hidden for arrays.
 *
 * @var array
 */
protected $hidden = [
    'password', 'remember_token'
];

/**
 * Exception for enum type data only Internal table
 */
protected $enums = [
    'client_type' => Internal::class.':nullable',
];

/**
 * The attributes that should be cast to native types.
 *
 * @var array
 */
protected $casts = [
    'email_verified_at' => 'datetime',
    // 'created_at' => 'datetime:j M Y H:i',
    'created_at' => 'datetime:j M Y',
    // 'created_at' => 'datetime:d/m/Y'
];

/**
 * users statuses
 */
protected $states = [
    'submitted',
    'approved',
    'rejected',
    'banned',
    'expired'
];

public function get_states()
{
    return $this->states;
}

/**
 * attributes parameter users button status
 */
public $stateButton = [
    'Submitted' => [
        [
            'status' => 'approved',
            'text-permission' => 'approve',
            'text-button' => 'Approve',
            'text-title' => 'Approval',
            'color' => 'success'
        ],
        [
            'status' => 'rejected',
            'text-permission' => 'reject',
            'text-button' => 'Reject',
            'text-title' => 'Rejection',
            'color' => 'danger'
        ],
    ],
    'Approved' => [
        [
            'status' => 'banned',
            'text-permission' => 'banned',
            'text-button' => 'Ban',
            'text-title' => 'Banned',
            'color' => 'danger'
        ],
    ],
    'Rejected' => [],
    'Banned' => [],
    'Expired' => []
];

/**
 * attributes color status (for css class)
 */
public $statusColor = [
    'Submitted' => 'secondary',
    'Approved' => 'success',
    'Rejected' => 'danger',
    'Banned' => 'danger',
    'Expired' => 'warning'
];

/**
 * User Observer
 */
protected static function boot()
{
    parent::boot();
    static::observe(UserObserver::class);
}

/**
 * Role Relation
 */
public function roles () {
    return $this->belongsToMany(config('rolevel.models.roles'), 'role_user', 'user_id', 'role_id');
}

public function role(){
    return $this->roles()->first();
}

/**
 * Instance Relation
 */
public function instance(){
    return $this->belongsTo(Instance::class);
}

/**
 * System Relation
 */
public function systems(){
    return $this->hasMany(System::class, 'user_id');
}

/**
 * Attributes string UCwords for view value
 */
public function getNameAttribute($value)
{
    return ucwords($value);
}
public function getStateAttribute($value)
{
    return ucwords($value);
}

/**
 * Attributes string lowercase for record value
 */
public function setNameAttribute($value)
{
    $this->attributes['name'] = strtolower($value);
}
public function setStateAttribute($value)
{
    $this->attributes['state'] = strtolower($value);
}

/**
 * Attributes Table Fields DataTable for Client Requests Integration System
 * */
public function getClientRequestSystemTableFieldAttribute(){
    return [ __('System Name'), __('Environment'), __('Public IP'), __('Time Frame'), __('Created At'), __('Status'), __('#') ];
}

/**
 * Attributes DataTable Options for Client Requests Integration System
 * */
public function getClientRequestSystemDataTableOptionAttribute(){
    return [
        'processing' => true,
        'serverSide' => true,
        'ajax' => route('admin.client.managements.integration.request.system.index'),
        'columns' => [
            ['data' => 'name', 'class' => 'text-left'],
            ['data' => 'env', 'class' => 'text-left'],
            ['data' => 'public_ip', 'class' => 'text-left'],
            ['data' => 'effective_date', 'class' => 'text-left'],
            ['data' => 'created_at', 'class' => 'text-left'],
            ['data' => 'state', 'class' => 'text-center'],
            ['data' => 'action', 'class' => 'text-right', 'orderable'=>false]
        ],
        'order' => [
            [4, 'desc']
        ],
        'filterColumn' => [
            'exclude' => [6],
        ]
    ];
}

}

My AuthServiceProvider

class AuthServiceProvider extends ServiceProvider { /**

• The policy mappings for the application.

• @var array */ protected $policies = [ // 'App\Model' => 'App\Policies\ModelPolicy', ];

  /**

• Register any authentication / authorization services.

• @return void */ public function boot() { $this->registerPolicies();

  Auth::provider('keycloak-users', function ($app, array $config) {
      // Return an instance of Illuminate\Contracts\Auth\UserProvider...
  
      return new KeycloakUser($app->make(User::class));
  });

  } }

KeycloakUser Model

class KeycloakUser implements Authenticatable { /**

• The attributes that are mass assignable.

• @var array */

  protected static $singleTableType = KeycloakUser::class;

  /**

• Attributes we retrieve from Profile

• @var array */ protected $fillable = [ 'name', 'email' ];

  /**

• User attributes

• @var array */ protected $attributes = [];

  /**

• Constructor

• @param array $profile Keycloak user info */ public function __construct(array $profile) { foreach ($profile as $key => $value) { if (in_array($key, $this->fillable)) { $this->attributes[ $key ] = $value; } }

  $this->id = $this->getKey();

  }

  /**

• Magic method to get attributes
• @param string $name

• @return mixed */ // public function __get(string $name) // { // return $this->attributes[ $name ] ?? null; // }

  /**

• Get the value of the model's primary key.

• @return mixed */ public function getKey() { return $this->email; }

  /**

• Get the name of the unique identifier for the user.

• @return string */ public function getAuthIdentifierName() { return 'email'; }

  /**

• Get the unique identifier for the user.

• @return mixed */ public function getAuthIdentifier() { return $this->email; }

  /**

• Check user has roles
• @see KeycloakWebGuard::hasRole()
• @param string|array $roles
• @param string $resource

• @return boolean */ public function hasRole($roles, $resource = '') { return Auth::hasRole($roles, $resource); }

  /**

• Get the password for the user.
• @return string

• @codeCoverageIgnore */ public function getAuthPassword() { throw new \BadMethodCallException('Unexpected method [getAuthPassword] call'); }

  /**

• Get the token value for the "remember me" session.
• @return string

• @codeCoverageIgnore */ public function getRememberToken() { throw new \BadMethodCallException('Unexpected method [getRememberToken] call'); }

  /**

• Set the token value for the "remember me" session.
• @param string $value

• @codeCoverageIgnore */ public function setRememberToken($value) { throw new \BadMethodCallException('Unexpected method [setRememberToken] call'); }

  /**

• Get the column name for the "remember me" token.
• @return string
• @codeCoverageIgnore */ public function getRememberTokenName() { throw new \BadMethodCallException('Unexpected method [getRememberTokenName] call'); } }

are you can help with this error, thanks ?

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.