sleighzy
commented
3 years ago Hi @wopl . What's the redirect url you have configured within Keycloak for your Traefik client?
In my Keycloak deployment the Traefik client (that used for the forward auth) has a redirect url of https://auth.mydomain.io/_oauth. This matches the auth.mydomain.io hostname that is configured for the Ingress Route, see https://github.com/sleighzy/k3s-traefik-forward-auth-openid-connect/blob/master/005-ingressroute.yaml#L13. The /_oauth path comes from the default "Callback URL Path" setting for the thomseddon/traefik-forward-auth container. You can see this in his README file (https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md) for the --url-path argument or $URL_PATH environment variable.
I hadn't explicitly included in my configuration or README, but should do so to provide more information, I'll update my README for this.
Hi, thanks a lot for sharing your code. According to your source, I implemented it, but get back a response from Keycloak:
We are sorry... Invalid parameter: redirect_uriCould you guide me, how a redirect_uri could look like? I tested like
http://traefik-forward-auth.default:4181(yes, my namespace is default for now, traefik, keycloak and your container are all inside one kubernetes), but was not successfull. I also tried an external accesshttps://auth.mydomainwith the same result. Really would appreciate, if you can guide me, how the redirect_uri should look like. Thanks, Wolfram