Upgrading to alerta 9.0.0 breaks keycloak integration regardless of `/auth` path

Question

Upgrading to alerta 9.0.0 breaks keycloak integration regardless of `/auth` path

Opened this issue a year ago · 6 comments

Issue Summary

After upgrading to alerta 9.0.0 login via keycloak is not working anymore. We run Keycloak 19 on Wildfly (which still has the /auth path which has only been removed on the quarkus distribution).

If we set the keycloak url to https://keycloak.intern the API will fail to start.

If we set the keycloak url to https://keycloak.intern/auth the API will start but the login button will redirect to https://keycloak.intern/auth/auth and login will fail.

We worked around the issue by specifying the generic openid auth provider.

Environment

OS: Linux
API version: 9.0.0
Deployment: Docker/Kubernetes

Answer 1 · 2023-12-22T12:27:29.000Z

I guess this is a dup of #1680 that is fixed in #1683

Answer 2 · 2023-12-22T12:37:46.000Z

@hyberdk Are you sure? This commit should have been in the version we are using but our installation still broke?

Answer 3 · 2023-12-22T12:59:58.000Z

not 100% :-)
I will reopen it again.. We probably needs Nicks input here, he knows best..

Answer 4 · 2024-04-18T09:53:01.000Z

Hi.
We are running 9.0.1 and keycloak auth doesn't work.
Url is set to:
KEYCLOAK_URL = 'https://mykeycloak.com'
No path.
And still /auth/ is being appended:

@satterly ?

Answer 5 · 2024-04-18T10:03:17.000Z

@maksimse Yes, that bug is still not fixed. As a workaround we switched to the OIDC configuration:

-  AUTH_PROVIDER: 'keycloak'
-  KEYCLOAK_URL: 'https://keycloak.our.domain'
-  KEYCLOAK_REALM: 'ourrealm'
+  AUTH_PROVIDER: 'openid'
+  OIDC_ISSUER_URL: 'https://keycloak.our.domain/realms/ourrealm'

Answer 6 · 2024-04-18T10:20:58.000Z

@bo0ts , thank you very much! It works.