Replies: 7 comments
-
Hi, |
Beta Was this translation helpful? Give feedback.
-
I don't think I am getting to the point where there is relevant logging in Let's go over the setup.
Linshare and Keycloak are on different machines and are both behind an Apache reverse-proxy. The domain Log4j.properties fragment:
A fragment of the config of ui-user (
I left mobile oidc disabled for now, I just want to see it working from a browser first. According to Keycloak's documentation, it returns a Jwt-token, so I followed Fragment of linshare.properties:
This is the first issue! The redirection address is different. Apache on the Linshare host logged this for the redirect performed by Keycloak back to the Linshare application:
The bit As a result the
This will insert the This is what Linshared sent to Apache on
It looks like the missing uri fragment But assuming it had to be there, the rewrite workaround solves it and the token get sent to frontend user-ui. Unfortunately, it fails there with:
This is visible in browser error-console. The browser windows briefly returns an error saying: I have not been able yet to figure out how to solve this CORS issue. It is unclear where If I remove the rewrite workaround from the config of apache, things get worse: apache log on the Linshare server shows a 404:
And there is more to it: if Linshare would send a redirect url with Any help is welcome!
-- Kees. |
Beta Was this translation helpful? Give feedback.
-
Hello, Did you succeed to get the access token ? |
Beta Was this translation helpful? Give feedback.
-
Unfortunately without the uri fragment Fragment of the current apache conf:
What should be changed to make this work? -- Kees. |
Beta Was this translation helpful? Give feedback.
-
Hello, Configuration of Apache LinShare-ui-admin : <Directory /usr/local/apache2/htdocs/linshare-ui-admin/new>
Configuration Apache LinShare-ui-user : <Directory /usr/local/apache2/htdocs/linshare-ui-user> |
Beta Was this translation helpful? Give feedback.
-
Hi, |
Beta Was this translation helpful? Give feedback.
-
I am focusing on ui-user first, when that works it is time for ui-admin. Unfortunately, there is no improvement. Before I click on the SSO button, I get this in Linshare log:
That looks good, I see it gets redirected to Keycloak and handled there. After it returns to Linshare, I don't get any new logging in linshare.log. But I do get this line in apache log:
The browser windows briefly returns an error saying: Fragment of the current apache config:
|
Beta Was this translation helpful? Give feedback.
-
Hi all,
I am trying to make Keycloak work as OIDC for Linshare, but so far thatis unsuccessful.
Although I am sure I can make it work by using headers (and do the configuration in Apache), that has been marked as deprecated in the documentation. Therefor I am trying to follow the OIDC documentation for Lemonldap and Azure and make the best of it. But no success yet.
I see the calls to Keycloak are happening and successful (according to Keycloak's logs), however the Linshare user frontend returns "SSO authentication failed" while it keeps on showing a spinning wheel.
What is a good approach to debug this?
Or has anybody been able to configure Linshare + Keycloak OIDC successfully?
-- Kees.
Beta Was this translation helpful? Give feedback.
All reactions