Unable to integrate Keycloak SSO in Cortex
yogeshgurjar127 opened this issue · 8 comments
Hello Team,
When trying to use single sign-on for Cortex this error message appears in the logs:
Below is my configuration file.
```
oauth {
name: oauth2
clientId: "cortex"
clientSecret: "Secret"
redirectUri: "http://localhost:9001/api/ssoLogin"
responseType: "code"
grantType: "authorization_code"
authorizationUrl: "http://X.X.X.X:8080/realms/openid/protocol/openid-connect/auth"
authorizationHeader: "Bearer"
tokenUrl: "http://X.X.X.X::8080/realms/openid/protocol/openid-connect/token"
userUrl: "http://X.X.X.X::8080/realms/openid/protocol/openid-connect/userinfo"
#scope: ["openid", "email"]
scope: "read:user"
userIdField: "email"
}
# Single-Sign On
sso {
# Autocreate user in database?
autocreate = true
# Autoupdate its profile and roles?
#autoupdate = false
# Autologin user using SSO?
autologin = true
#defaultRoles = []
# Name of mapping class from user resource to backend user ('simple' or 'group')
mapper = group
attributes {
login = "admin@admin.local"
name = "admin"
groups = "groups"
organization = "test"
}
defaultRoles = ["read"]
auth.sso.defaultOrganization = "test"
auth.sso.attributes.organization= "test"
groups {
mappings {
admin-profile-name = ["admin"]
editor-profile-name = ["write"]
reader-profile-name = ["read"]
}
}
mapper = testing
attributes {
login = "user"
name = "name"
roles = "read,analyze,orgadmin"
organization = "test"
}
defaultRoles = ["read"]
auth.sso.defaultOrganization = "test"
auth.sso.attributes.organization= "test"
}
}
```
Could you please point me in the right direction for configuration guidance?
Thanks in advance!
Work Environment
Question | Answer |
---|---|
OS version (server) | Ubuntu |
OS version (client) | 22 |
Cortex version / git hash | 3.1.8-1 |
Package Type | From source |
Browser type & version | Chrome |
@To-om Can you please help me with this?
In the OAuth2 configuration the scope must be an array:
-scope: "read:user"
+scope: ["read:user"]
Hello @To-om
I adjusted the scope in the configuration file, however now I am getting the below error. For your convenience, the error message is provided below.
{"type":"AuthenticationError","message":"Authentication failure"}
Can you please help me with this?
The scope seems to be incorrect. Check the documentation of your IdP and set the expected value. Have you tried the default value: `scope: ["openid", "email"]`?
@To-om Yes, I already tried the default value of scope but I am still getting the same error.
Please find below conf details.
```
oauth2 {
clientId: "cortex"
clientSecret: "NnLadsgsgvssttlUzJKX4TnJS"
redirectUri: "http://localhost:9001/api/ssoLogin"
responseType: "code"
grantType: "authorization_code"
authorizationUrl: "http://X.X.X.X:8080/auth/realms/openid/protocol/openid-connect/auth"
authorizationHeader: "Bearer"
tokenUrl: "http://X.X.X.X:8080/auth/realms/openid/protocol/openid-connect/token"
userUrl: "http://X.X.X.X:8080/auth/realms/openid/protocol/openid-connect/userinfo"
#scope: ["read:user"]
scope: ["openid", "email"]
userIdField: "email"
}
}
```
@To-om Could you please assist me with this?
Hello @To-om
Could you please update on this issue?
@yogeshgurjar127 Which version of Keycloak are you using? In later versions, I think beyond 18.0.0, the structure of the OpenID endpoints has changed.
As an example, in your case:
- From: `http://x.x.x.x:8080/auth/realms/openid/protocol/openid-connect/token`
- To: `http://x.x.x.x:8080/realms/<YOUR REALM NAME>/protocol/openid-connect/token`
You can view Keycloak's OpenID endpoints at http://x.x.x.x:8080/realms/<YOUR REALM NAME>/.well-known/openid-configuration
or via the web UI Configure > Realm settings > Endpoints > OpenID Endpoint Configuration.
@rh0dy Thanks for the update.
I have successfully integrated Keycloak with Cortex and it's working.
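The problems raised in this thread (endpoint paths that do not match what Keycloak advertises, a malformed `host::port`, and a non-array `scope`) can be checked mechanically against the realm's `.well-known/openid-configuration` document. The following is an added example, not part of the original thread or of Cortex; the host `keycloak.example`, the realm `myrealm`, both sample documents and the function name `check_oauth2` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: subset of /realms/<realm>/.well-known/openid-configuration.
DISCOVERY = json.loads("""{
  "authorization_endpoint": "http://keycloak.example:8080/realms/myrealm/protocol/openid-connect/auth",
  "token_endpoint": "http://keycloak.example:8080/realms/myrealm/protocol/openid-connect/token",
  "userinfo_endpoint": "http://keycloak.example:8080/realms/myrealm/protocol/openid-connect/userinfo",
  "scopes_supported": ["openid", "email", "profile"]
}""")

# Constructed Cortex oauth2 values reproducing the mistakes seen in the thread.
SAMPLE_CONF = {
    "authorizationUrl": "http://keycloak.example:8080/realms/myrealm/protocol/openid-connect/auth",
    "tokenUrl": "http://keycloak.example:8080/auth/realms/myrealm/protocol/openid-connect/token",
    "userUrl": "http://keycloak.example::8080/realms/myrealm/protocol/openid-connect/userinfo",
    "scope": "read:user",
}

# Cortex oauth2 key -> OpenID Connect discovery key
ENDPOINT_KEYS = {
    "authorizationUrl": "authorization_endpoint",
    "tokenUrl": "token_endpoint",
    "userUrl": "userinfo_endpoint",
}

def check_oauth2(conf, discovery):
    """Return a list of problems found in a Cortex oauth2 block."""
    problems = []
    for conf_key, disc_key in ENDPOINT_KEYS.items():
        url = conf.get(conf_key, "")
        try:
            urlsplit(url).port  # raises ValueError for "host::8080"
        except ValueError:
            problems.append(f"{conf_key}: malformed URL {url!r}")
            continue
        if url != discovery[disc_key]:
            problems.append(f"{conf_key}: {url!r} differs from advertised {discovery[disc_key]!r}")
    scope = conf.get("scope")
    if not isinstance(scope, list):
        problems.append('scope: must be an array, e.g. ["openid", "email"]')
    else:
        unknown = sorted(set(scope) - set(discovery.get("scopes_supported", [])))
        if unknown:
            problems.append(f"scope: not advertised by the IdP: {unknown}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_oauth2(SAMPLE_CONF, DISCOVERY)))
```

The URL comparison is an exact string match, so a mismatch can also mean Keycloak is advertising a different hostname than the one Cortex uses to reach it.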