Closed wopl closed 3 years ago
Hi @wopl . What's the redirect url you have configured within Keycloak for your Traefik client?
In my Keycloak deployment the Traefik client (that used for the forward auth) has a redirect url of https://auth.mydomain.io/_oauth
. This matches the auth.mydomain.io
hostname that is configured for the Ingress Route, see https://github.com/sleighzy/k3s-traefik-forward-auth-openid-connect/blob/master/005-ingressroute.yaml#L13. The /_oauth
path comes from the default "Callback URL Path" setting for the thomseddon/traefik-forward-auth container. You can see this in his README file (https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md) for the --url-path
argument or $URL_PATH
environment variable.
I hadn't explicitly included in my configuration or README, but should do so to provide more information, I'll update my README for this.
In my Keycloak deployment the Traefik client (that used for the forward auth) has a redirect url of https://auth.mydomain.io/_oauth.
The auth.mydomain.io
isn't literally my hostname just to be clear, I do actually have a proper domain name that points to my services. You would replace that with your own actual DNS name.
Just replace auth.mydomain.io
with the hostname that is actually used in your ingress route by Traefik to direct that traffic to the traefik-forward-auth
service.
Hi @wopl , all sorted now? Ok if I close this issue?
Hi, thanks a lot for sharing your code. According to your source, I implemented it, but get back a response from Keycloak:
We are sorry... Invalid parameter: redirect_uri
Could you guide me, how a redirect_uri could look like? I tested like
http://traefik-forward-auth.default:4181
(yes, my namespace is default for now, traefik, keycloak and your container are all inside one kubernetes), but was not successfull. I also tried an external accesshttps://auth.mydomain
with the same result. Really would appreciate, if you can guide me, how the redirect_uri should look like. Thanks, Wolfram