Upgrading to alerta 9.0.0 breaks keycloak integration regardless of `/auth` path
Opened this issue · 6 comments
Issue Summary
After upgrading to alerta 9.0.0 login via keycloak is not working anymore. We run Keycloak 19 on Wildfly (which still has the /auth
path which has only been removed on the quarkus distribution).
If we set the keycloak url to https://keycloak.intern
the API will fail to start.
If we set the keycloak url to https://keycloak.intern/auth
the API will start but the login button will redirect to https://keycloak.intern/auth/auth
and login will fail.
We worked around the issue by specifying the generic openid auth provider.
Environment
- OS: Linux
- API version: 9.0.0
- Deployment: Docker/Kubernetes
@hyberdk Are you sure? This commit should have been in the version we are using but our installation still broke?
not 100% :-)
I will reopen it again.. We probably needs Nicks input here, he knows best..
Hi.
We are running 9.0.1 and keycloak auth doesn't work.
Url is set to:
KEYCLOAK_URL = 'https://mykeycloak.com'
No path.
And still /auth/ is being appended:
@satterly ?
@maksimse Yes, that bug is still not fixed. As a workaround we switched to the OIDC configuration:
- AUTH_PROVIDER: 'keycloak'
- KEYCLOAK_URL: 'https://keycloak.our.domain'
- KEYCLOAK_REALM: 'ourrealm'
+ AUTH_PROVIDER: 'openid'
+ OIDC_ISSUER_URL: 'https://keycloak.our.domain/realms/ourrealm'