[keycloak-user] How to configure docker-v2 auth from the UI

Antoine Vianey antoine.vianey at gmail.com
Wed Apr 5 02:59:49 EDT 2017


Hello,


I'm trying to use the docker-v2 protocol from
https://issues.jboss.org/browse/KEYCLOAK-3592

>From the PR, I manage to have a running KC and I'm able to create a REALM
"docker-registry" with a docker-v2 client but authentication through docker
cli is not working :


The docker cli is making the request right :

GET
/auth/realms/docker/protocol/docker-v2/auth?account=###&client_id=docker&offline_token=true&service=docker-registry
HTTP/1.1
User-Agent: docker/17.03.1-ce go/go1.7.5 git-commit/c6d412e
kernel/4.4.0-71-generic os/linux arch/amd64
UpstreamClient(Docker-Client/17.03.1-ce (linux))
Authorization: Basic ##############
Accept-Encoding: gzip
Connection: close

but Keycloak answer with the HTML login page...
which lead to "Error response from daemon: Get http://registry/v2/: unable
to decode token response: invalid character '<' looking for beginning of
value"

I performed the following actions :

   - add "docker" realm
   - add "docker-registry" client
   - save (after setting * as valid redirect url)

I noticed that "BASIC authentication is configured for you realm. Since
docker auth requires HTTP Basic auth, this should be the only authenticator
configured for the realm hosting the docker registry client." but didn't
get it.

What step should I follow so that the docker cli request succesfully
retrieve a token instead of a login page ?

Can u help so it work with manual setup on clean realm ?


More information about the keycloak-user mailing list