[keycloak-user] How to configure docker-v2 auth from the UI

Marko Strukelj mstrukel at redhat.com
Wed Apr 5 05:13:18 EDT 2017


See my comment in the docs pull request:
https://github.com/keycloak/keycloak-documentation/pull/55/files#r107408627

There was a slight change since then - the authenticator to use is not
'HTTP Basic Authentication' but'Docker Authenticator'.

On Wed, Apr 5, 2017 at 8:59 AM, Antoine Vianey <antoine.vianey at gmail.com>
wrote:

> Hello,
>
>
> I'm trying to use the docker-v2 protocol from
> https://issues.jboss.org/browse/KEYCLOAK-3592
>
> >From the PR, I manage to have a running KC and I'm able to create a REALM
> "docker-registry" with a docker-v2 client but authentication through docker
> cli is not working :
>
>
> The docker cli is making the request right :
>
> GET
> /auth/realms/docker/protocol/docker-v2/auth?account=###&
> client_id=docker&offline_token=true&service=docker-registry
> HTTP/1.1
> User-Agent: docker/17.03.1-ce go/go1.7.5 git-commit/c6d412e
> kernel/4.4.0-71-generic os/linux arch/amd64
> UpstreamClient(Docker-Client/17.03.1-ce (linux))
> Authorization: Basic ##############
> Accept-Encoding: gzip
> Connection: close
>
> but Keycloak answer with the HTML login page...
> which lead to "Error response from daemon: Get http://registry/v2/: unable
> to decode token response: invalid character '<' looking for beginning of
> value"
>
> I performed the following actions :
>
>    - add "docker" realm
>    - add "docker-registry" client
>    - save (after setting * as valid redirect url)
>
> I noticed that "BASIC authentication is configured for you realm. Since
> docker auth requires HTTP Basic auth, this should be the only authenticator
> configured for the realm hosting the docker registry client." but didn't
> get it.
>
> What step should I follow so that the docker cli request succesfully
> retrieve a token instead of a login page ?
>
> Can u help so it work with manual setup on clean realm ?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list