<div dir="ltr"><div>Yes, those are the correct URLs. The URLs from the blog post you are referring to are deprecated as they were not following the spec.</div><div><br></div><div>BTW the following endpoint lists all URLs for OIDC, we're also improving the docs around this soon:</div><a href="http://localhost:8080/auth/realms/">http://localhost:8080/auth/realms/</a>&lt;REALM NAME&gt;/.well-known/openid-configuration<div><br></div><div><br><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 19 May 2016 at 09:18, Charles Moulliard <span dir="ltr">&lt;<a href="mailto:cmoullia@redhat.com" target="_blank">cmoullia@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><font color="#000000">Hi,</font></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><font color="#000000"><br></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><font color="#000000" style="font-family:'Liberation Sans','Open Sans',sans-serif;line-height:22.4px">According to Openshift Doc (</font><font color="#000000" face="Liberation Sans, Open Sans, sans-serif"><span style="line-height:22.4px"><a href="https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html#OpenID" target="_blank">https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html#OpenID</a></span></font><span style="font-family:'Liberation Sans','Open 
Sans',sans-serif;line-height:22.4px;color:rgb(0,0,0)">) and this blog article (</span><font color="#000000" face="Liberation Sans, Open Sans, sans-serif"><span style="line-height:22.4px"><a href="http://blog.keycloak.org/2015/06/openshift-ui-console-authentication.html" target="_blank">http://blog.keycloak.org/2015/06/openshift-ui-console-authentication.html</a>)</span></font><span style="color:rgb(0,0,0);font-family:'Liberation Sans','Open Sans',sans-serif;line-height:22.4px">, we can integrate Keycloak as IdentityProvider with Openshift. </span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><span style="color:rgb(0,0,0);font-family:'Liberation Sans','Open Sans',sans-serif;line-height:22.4px"><br></span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><span style="color:rgb(0,0,0);font-family:'Liberation Sans','Open Sans',sans-serif;line-height:22.4px">So, I have configured the master-config.yaml to use Keycloak 1.9.4.Final as Identity Provider. 
See hereafter the config</span></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><font color="#000000"><br></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex;line-height:22.4px"><font color="#000000" face="Liberation Sans, Open Sans, sans-serif"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">oauthConfig:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> alwaysShowProviderSelection: false</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> assetPublicURL: <a href="https://192.168.99.100:8443/console/" target="_blank">https://192.168.99.100:8443/console/</a></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> grantConfig:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> method: auto</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> identityProviders:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> - challenge: true</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> login: true</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> name: keycloak</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> provider:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> apiVersion: v1</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> kind: OpenIDIdentityProvider</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> ca: keycloak-ca.cert</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> clientID: openshift</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> clientSecret: fbde8b27-3342-4494-b3a3-7db645e9dfe5</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> claims:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> id:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> - sub</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> preferredUsername:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> - preferred_username</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> name:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> - name</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> email:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> - email</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> urls:</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> authorize: <a href="https://192.168.1.80:8443/auth/realms/openshift/tokens/login" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/tokens/login</a></blockquote><blockquote class="gmail_quote" style="margin:0px 
0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"> token: <a href="https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes</a></blockquote></font></blockquote></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><font color="#000000"><br></font></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><font color="#000000">But, when I try to log on to the Openshift console, I'm redirected to Keycloak Server which returns this Error 404 </font></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><font color="#000000"><font face="Liberation Sans, Open Sans, sans-serif"><span style="line-height:22.4px">--> </span></font></font><font color="#000000" face="Liberation Sans, Open Sans, sans-serif"><span style="line-height:22.4px">GET <a href="https://192.168.1.80:8443/auth/realms/openshift/tokens/login?client_id=open" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/tokens/login?client_id=open</a>…YlMjUyRjE5Mi4xNjguOTkuMTAwJTI1M0E4NDQzJTI1MkZjb25zb2xlJTI1MkZvYXV0aA%3D%3D 404 (Not Found)</span></font></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-weight:normal;line-height:22.4px;font-size:12.8px"><font color="#000000"><br></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><font color="#000000" style="font-family:'Liberation Sans','Open 
Sans',sans-serif;line-height:22.4px">According to this thread (</font><font color="#000000" face="Liberation Sans, Open Sans, sans-serif"><span style="line-height:22.4px"><a href="http://stackoverflow.com/questions/28658735/what-are-keycloaks-oauth2-openid-connect-endpoints" target="_blank">http://stackoverflow.com/questions/28658735/what-are-keycloaks-oauth2-openid-connect-endpoints</a>)</span></font><span style="font-family:'Liberation Sans','Open Sans',sans-serif;line-height:22.4px;color:rgb(0,0,0)">, the urls to be used are these</span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-weight:normal;line-height:normal;font-size:12.8px"><span style="font-family:'Liberation Sans','Open Sans',sans-serif;line-height:22.4px;color:rgb(0,0,0)"><br></span></div><div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-size:12.8px;font-weight:normal;line-height:22.4px"><font color="#000000"> authorize: <a href="https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth</a></font></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-size:12.8px;font-weight:normal;line-height:22.4px"><font color="#000000"> token: <a href="https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token</a></font></div><div style="color:rgb(34,34,34);font-family:'Liberation Sans','Open Sans',sans-serif;font-size:12.8px;font-weight:normal;line-height:22.4px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px">FYI, I can get a token --></span></font></div><div 
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px"><br></span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">curl -k -s -X POST <a href="https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token</a> -H "Content-Type: application/x-www-form-urlencoded" -d 'username=test-user' -d 'password=password' -d 'grant_type=password' -d 'client_id=openshift' -d 'client_secret=fbde8b27-3342-4494-b3a3-7db645e9dfe5' | jq -r '.access_token'<br>eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1ODExNGExZi1mMTQwLTQwYTctODAwOS1hNGU2</blockquote><div> </div></span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px">Can you confirm that the correct urls to be used are ?</span></font></div><div><font color="#000000" face="Liberation Sans, Open Sans, sans-serif"><span style="font-size:12.8px;line-height:22.4px"><div><br></div><div> authorize: <a href="https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth" target="_blank">https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth</a></div><div> token: <a href="https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token" 
target="_blank">https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token</a></div></span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px"><br></span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px">Regards,</span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font color="#4a4a4a" face="Liberation Sans, Open Sans, sans-serif"><span style="line-height:22.4px"><b><br></b></span></font></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-weight:normal;line-height:normal"><font face="Liberation Sans, Open Sans, sans-serif" color="#000000"><span style="line-height:22.4px">Charles</span></font></div></div><font color="#4a4a4a" face="Liberation Sans, Open Sans, sans-serif"><b><span style="line-height:22.4px"></span></b></font></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
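<div>Added example, not part of the original thread or of Keycloak/OpenShift code: a check that the <code>urls</code> block of an identity provider config matches what the realm's <code>.well-known/openid-configuration</code> document advertises. The discovery JSON below is a constructed sample for the <code>openshift</code> realm; the function names and the <code>OLD</code>/<code>NEW</code> dictionaries are assumptions made for illustration.</div>

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample of a discovery document for realm "openshift". On a live
# server this JSON is the body returned by the URL that discovery_url() builds.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://192.168.1.80:8443/auth/realms/openshift",
  "authorization_endpoint": "https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth",
  "token_endpoint": "https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token"
}""")

# Key under `urls:` in master-config.yaml -> OIDC discovery metadata field.
FIELD_MAP = {"authorize": "authorization_endpoint", "token": "token_endpoint"}


def discovery_url(base, realm):
    """Build the per-realm discovery URL given in the reply (base ends in /auth)."""
    return f"{base.rstrip('/')}/realms/{quote(realm, safe='')}/.well-known/openid-configuration"


def check_idp_urls(configured, discovery):
    """Return (key, problem) pairs for configured URLs that disagree with discovery."""
    problems = []
    for key, field in FIELD_MAP.items():
        advertised, have = discovery.get(field), configured.get(key)
        if advertised is None:
            problems.append((key, f"discovery document lacks {field}"))
        elif have != advertised:
            problems.append((key, f"configured {have!r}, server advertises {advertised!r}"))
        elif urlsplit(advertised).scheme != "https":
            problems.append((key, "endpoint is not served over https"))
    return problems


OLD = {  # urls from the master-config.yaml quoted in the thread (404 on login)
    "authorize": "https://192.168.1.80:8443/auth/realms/openshift/tokens/login",
    "token": "https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes",
}
NEW = {  # urls confirmed as correct in the reply
    "authorize": "https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth",
    "token": "https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token",
}

if __name__ == "__main__":
    print(discovery_url("http://localhost:8080/auth", "openshift"))
    for label, cfg in (("old", OLD), ("new", NEW)):
        print(label, check_idp_urls(cfg, SAMPLE_DISCOVERY) or "matches discovery")
```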