Yes, those are the correct URLs. The URLs from the blog post you are
referring to are deprecated as they were not following the spec.
BTW the following endpoint lists all URLs for OIDC, we're also improving
the docs around this soon:
NAME>/.well-known/openid-configuration
On 19 May 2016 at 09:18, Charles Moulliard <cmoullia(a)redhat.com> wrote:
Hi,
According to Openshift Doc (
https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authent...)
and this blog article (
http://blog.keycloak.org/2015/06/openshift-ui-console-authentication.html),
we can integrate Keycloak as IdentityProvider with Openshift.
So, I have configured the master-config.yaml to use Keycloak 1.9.4.Final
as Identity Provider. See hereafter the config
oauthConfig:
  alwaysShowProviderSelection: false
  assetPublicURL: https://192.168.99.100:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    name: keycloak
    provider:
      apiVersion: v1
      kind: OpenIDIdentityProvider
      ca: keycloak-ca.cert
      clientID: openshift
      clientSecret: fbde8b27-3342-4494-b3a3-7db645e9dfe5
      claims:
        id:
        - sub
        preferredUsername:
        - preferred_username
        name:
        - name
        email:
        - email
      urls:
        authorize: https://192.168.1.80:8443/auth/realms/openshift/tokens/login
        token: https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes

But, when I try to log on to the Openshift console, I'm redirected to
Keycloak Server which returns this Error 404
--> GET
https://192.168.1.80:8443/auth/realms/openshift/tokens/login?client_id=op...
404 (Not Found)
According to this thread (
http://stackoverflow.com/questions/28658735/what-are-keycloaks-oauth2-ope...
), the urls to be used are these
authorize: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth
token: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/t...
FYI, I can get a token -->
curl -k -s -X POST \
  https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/t... \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'username=test-user' \
  -d 'password=password' -d 'grant_type=password' \
  -d 'client_id=openshift' \
  -d 'client_secret=fbde8b27-3342-4494-b3a3-7db645e9dfe5' | jq -r '.access_token'
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1ODExNGExZi1mMTQwLTQwYTctODAwOS1hNGU2
Can you confirm that the correct urls to be used are?
authorize: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth
token: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/t...
Regards,
Charles
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
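
Added example (not part of the original thread, and not Keycloak or OpenShift code): a check that compares the `urls` configured for an OpenShift OpenID identity provider against the endpoints advertised in the realm's `.well-known/openid-configuration` document mentioned in the reply. The host `sso.example.test`, the realm `demo`, the function name and the same-host policy are assumptions; the discovery document is constructed inline.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document; host and realm are placeholders.
DISCOVERY = json.loads("""{
  "issuer": "https://sso.example.test/auth/realms/demo",
  "authorization_endpoint":
    "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth",
  "token_endpoint":
    "https://sso.example.test/auth/realms/demo/protocol/openid-connect/token"
}""")
ISSUER = "https://sso.example.test/auth/realms/demo"

# OpenShift `urls` key -> OIDC discovery metadata field.
FIELD_FOR_KEY = {"authorize": "authorization_endpoint", "token": "token_endpoint"}

# The deprecated paths from the thread, and the discovery-advertised ones.
OLD = {"authorize": ISSUER + "/tokens/login",
       "token": ISSUER + "/tokens/access/codes"}
NEW = {"authorize": ISSUER + "/protocol/openid-connect/auth",
       "token": ISSUER + "/protocol/openid-connect/token"}


def check_provider_urls(expected_issuer, discovery, configured):
    """Return a list of problems; an empty list means the config matches."""
    problems = []
    # OIDC Discovery: the advertised issuer must equal the one requested.
    if discovery.get("issuer") != expected_issuer:
        problems.append("issuer mismatch: %r" % discovery.get("issuer"))
    issuer_host = urlsplit(expected_issuer).netloc
    for key, field in FIELD_FOR_KEY.items():
        advertised = discovery.get(field)
        if advertised is None:
            problems.append("%s missing from discovery document" % field)
            continue
        parts = urlsplit(advertised)
        # Local policy (assumption, not a spec rule): https on the issuer host.
        if parts.scheme != "https" or parts.netloc != issuer_host:
            problems.append("%s is not https on the issuer host" % field)
        if configured.get(key) != advertised:
            problems.append("%s: configured %r, advertised %r"
                            % (key, configured.get(key), advertised))
    return problems


if __name__ == "__main__":
    for label, cfg in (("deprecated", OLD), ("current", NEW)):
        print(label, check_provider_urls(ISSUER, DISCOVERY, cfg) or "OK")
```

Running the check before restarting the master catches a stale endpoint path at configuration time rather than as a 404 during the login redirect.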