nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0
454 stars 320 forks

accessing discovery url failed: connection refused #109

Open Ccampos93 opened 5 years ago

Ccampos93 commented 5 years ago

Hi @Trojan295,

I'm having trouble when using kong-oidc with Keycloak. Kong and Keycloak are both running in Docker containers on a server (192.168.1.123), with Keycloak configured to use port "8181:8080", and using ncarlier/kong:0.14.0.

The problem is when I try to get to a service through Kong: when typing http://192.168.1.123:8000/demo in my local machine's browser, I get this message instead of being redirected to the Keycloak login page:

accessing discovery url (http://192.168.1.123:8181/auth/realms/demo-realm/.well-known/openid-configuration) failed: connection refused

This is my plugin configuration:

curl -X POST http://localhost:8001/plugins \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      -H 'Cache-Control: no-cache' \
      --data "name=oidc" \
      --data "config.scope=openid" \
      --data "config.response_type=code" \
      --data "config.token_endpoint_auth_method=client_secret_post" \
      --data "config.ssl_verify=no" \
      --data "config.client_id=demo-client" \
      --data "config.discovery=http://192.168.1.123:8181/auth/realms/demo-realm/.well-known/openid-configuration" \
      --data "config.client_secret=$client_secret"

paichinger commented 4 years ago

Could you fix it? I'm having a very similar problem here...

Ccampos93 commented 4 years ago

I ended up using the [JWT plugin](https://docs.konghq.com/hub/kong-inc/jwt/).

paichinger commented 4 years ago

Thanks! I almost gave up, but in the meantime I got it working. I added this container to my docker compose: https://github.com/qoomon/docker-host It helps to access the docker host, just check out its readme to see how. I also had to add an entry to /etc/hosts so that my host machine can resolve the name "dockerhost". It's a bit clumsy, but works. Just ask me for further elaboration.

shusriva commented 2 years ago

@pjotre86 I am getting a similar kind of issue. My Keycloak and Kong are both deployed in pods in a Kubernetes cluster. Somehow Kong is not able to resolve the discovery URL. I am getting the error below. I'd be grateful if you could help me resolve this issue.

My Keycloak is accessible at http://keycloak.com:8081 on my machine.

accessing discovery url (http://keycloak.sample.com:8081/auth/realms/master/.well-known/openid-configuration) failed: [cosocket] DNS resolution failed: dns server error: 3 name error. Tried: ["(short)keycloak.sample.com:(na) - cache-miss","keycloak.sample.com.default.svc.cluster.local:33 - cache-miss/scheduled/querying/dns server error: 3 name error","keycloak.sample.com.svc.cluster.local:33 - cache-miss/scheduled/querying/dns server error: 

Kong plugin configuration:

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: oidc
config:
  client_id: nginx
  client_secret: 
  scope: openid
  realm: kong
  discovery: http://keycloak.sample.com:8081/auth/realms/master/.well-known/openid-configuration
plugin: oidc

chris-aeviator commented 2 years ago

This is very likely a networking / DNS issue, in my view, if you are using containers or non-FQDNs.
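
An added example, not part of the thread or of kong-oidc: a Python check that separates the two failures reported above (connection refused and DNS name error) by testing the discovery URL stage by stage. Run it from a container or pod on the same network as Kong; the function name `diagnose_discovery` and its result fields are assumptions of this example.

```python
import json
import socket
import urllib.request
from urllib.parse import urlsplit

# Fields an authorization-code client needs from the discovery document.
NEEDED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def diagnose_discovery(url, timeout=3.0):
    """Report the first stage (dns, tcp, http) at which fetching `url` fails."""
    parts = urlsplit(url)
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)

    # Stage 1: name resolution with this container's own resolver and /etc/hosts.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"stage": "dns", "detail": f"cannot resolve {host}: {exc}"}

    # Stage 2: TCP connect. "refused" means the name resolved but the peer
    # (or a firewall) rejected that port as seen from this network namespace.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return {"stage": "tcp", "detail": f"{host}:{port} refused the connection"}
    except OSError as exc:
        return {"stage": "tcp", "detail": f"{host}:{port} unreachable: {exc}"}

    # Stage 3: HTTP fetch and JSON parse of the discovery document.
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            doc = json.load(resp)
        if not isinstance(doc, dict):
            raise ValueError("discovery document is not a JSON object")
    except (OSError, ValueError) as exc:
        return {"stage": "http", "detail": str(exc)}

    return {
        "stage": "ok",
        "issuer": doc.get("issuer"),
        "missing": [k for k in NEEDED if k not in doc],
        "tls": parts.scheme == "https",  # False: document fetched in cleartext
    }


if __name__ == "__main__":
    import sys
    print(diagnose_discovery(sys.argv[1]))
```

A `dns` result points at the resolver or hosts entries inside the container, while a `tcp` result points at port publishing or routing between the containers.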