Support full url in keycloakurl
thosil opened this issue · 6 comments
Hello,
I'm trying to use your plugin with a service declared in a docker-compose.yml, but can't get it to do anything; the service is still "open" as before adding the plugin.
So I'm probably doing something wrong.
Here's my config:
```yaml
version: "3.9"
services:
  traefik:
    image: traefik:v2.10
    hostname: "rp"
    command:
      - --global.checknewversion=false
      - --log=true
      - --log.level=DEBUG
      # ...
      - --experimental.plugins.keycloakopenid.modulename=github.com/Gwojda/keycloakopenid
      - --experimental.plugins.keycloakopenid.version=v0.1.17
    # ...
  flower:
    image: flower
    hostname: "flower"
    env_file: .env
    deploy:
      mode: replicated
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.http.routers.flower.rule=HostNI(`*`)
        - traefik.http.routers.flower.rule=PathPrefix(`/flower/`)
        - traefik.http.routers.flower.entrypoints=https
        - traefik.http.services.flower.loadbalancer.server.port=5555
        - traefik.http.routers.flower.priority=50
        - traefik.http.routers.flower.tls=true
        - traefik.http.middlewares.flower.plugin.keycloakopenid.clientid=flower
        - traefik.http.middlewares.flower.plugin.keycloakopenid.clientsecret=********
        - traefik.http.middlewares.flower.plugin.keycloakopenid.keycloakurl=https://******/auth/
        - traefik.http.middlewares.flower.plugin.keycloakopenid.keycloakreaml=test-realm
        # ....
```
I saw the config options in the sources; btw, there's a typo in KeycloakReaml.
Do you see what could be wrong in my config?
Thank you
Hello,
When you commented, I was still working on it.
Looks good now on my side, can you please retry? I've also updated the documentation on the Traefik side.
Also, what is your current version of Traefik? I'm using the latest one and I know the path URL has changed. For example, I'm using keycloak.domain.com as the URL, not keycloak.domain.com/auth
Hi @Gwojda sorry for the delay.
I got it working, it was just a configuration issue in the docker-compose.yml.
On the service you have to declare which plugin(s) you'll use, then configure them either on the service or elsewhere (I guess to be able to reuse a config):
```yaml
services:
  my-service:
    image: nginx:alpine
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.my-service.rule=HostSNI(`*`)
        - traefik.http.routers.my-service.rule=PathPrefix(`/`)
        - traefik.http.routers.my-service.entrypoints=https
        - traefik.http.services.my-service.loadbalancer.server.port=80
        - traefik.http.routers.my-service.priority=1
        - traefik.http.routers.my-service.tls=true
        # The router must reference the middleware by name, otherwise the plugin is never applied
        - traefik.http.routers.my-service.middlewares=withauth
        # All plugin options are set on the same middleware (withauth) that the router references
        - traefik.http.middlewares.withauth.plugin.keycloakopenid.clientid=traefik-test
        - traefik.http.middlewares.withauth.plugin.keycloakopenid.clientsecret=*******
        - traefik.http.middlewares.withauth.plugin.keycloakopenid.keycloakurl=keycloak.domain.com
        - traefik.http.middlewares.withauth.plugin.keycloakopenid.keycloakrealm=test-realm
    networks:
      - traefik-test
```
I still have a problem with the keycloakurl parameter because I have a prefix "/auth" and the "/" is URL-encoded. In fact, if you set "https://keycloak.domain.com/auth/" the plugin will try to redirect you to https://https%3A%2F%2Fkeycloak.domain.com%2Fauth%2F 😬.
I think people will try to test, maybe with a keycloak running in dev mode without https, so maybe you should add https:// only if it's not yet set.
I didn't try specifying another port (e.g. :8443); it should probably be supported as well.
Thank you very much for doing this plugin :-)
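An added example, not part of the thread and not the plugin's own code: one way to accept both a bare host and a full URL in `keycloakurl`, adding `https://` only when no scheme is given and keeping the port and the `/auth` prefix unencoded. The helper names `normalizeKeycloakURL` and `authEndpoint` are hypothetical; the endpoint path is Keycloak's standard `realms/<realm>/protocol/openid-connect/auth`.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeKeycloakURL (hypothetical helper) accepts "keycloak.domain.com",
// "keycloak.domain.com:8443" or "https://keycloak.domain.com/auth/".
// https is the default; http is kept only when written explicitly (dev mode).
func normalizeKeycloakURL(raw string) (*url.URL, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return nil, fmt.Errorf("keycloakurl is empty")
	}
	if !strings.Contains(raw, "://") {
		raw = "https://" + raw // bare host: add the scheme instead of escaping the input
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("invalid keycloakurl: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	// Reject anything that is not scheme://host[:port][/prefix]; embedded
	// credentials or a query string in a redirect target are a misconfiguration.
	if u.Host == "" || u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return nil, fmt.Errorf("keycloakurl must be scheme://host[:port][/prefix]")
	}
	u.Path = strings.TrimRight(u.Path, "/")
	return u, nil
}

// authEndpoint joins path segments on the parsed URL, so "/" in the prefix
// is never percent-encoded; only the realm name itself is escaped.
func authEndpoint(raw, realm string) (string, error) {
	base, err := normalizeKeycloakURL(raw)
	if err != nil {
		return "", err
	}
	return base.JoinPath("realms", url.PathEscape(realm), "protocol", "openid-connect", "auth").String(), nil
}

func main() {
	for _, in := range []string{"keycloak.domain.com", "https://keycloak.domain.com/auth/", "http://localhost:8080"} {
		out, err := authEndpoint(in, "test-realm")
		fmt.Println(out, err)
	}
}
```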
Hi Thosil,
I don't have much time to devote to this plugin at the moment, but don't hesitate to fork the project and make a merge request; I'll review and merge it if it's OK.
Thanks for your message,
Gautier :)