Yes, those are the correct URLs. The URLs from the blog post you are referring to are deprecated as they where not following the spec.

BTW the following endpoint lists all URLs for OIDC, we're also improving the docs around this soon:

http://localhost:8080/auth/realms/<REALM NAME>/.well-known/openid-configuration

On 19 May 2016 at 09:18, Charles Moulliard <cmoullia@redhat.com> wrote:

Hi,

According to Openshift Doc (https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authentication.html#OpenID) and this blog article (http://blog.keycloak.org/2015/06/openshift-ui-console-authentication.html), we can integrate Keycloak as IdentiyProvider with Openshift. 

So, I have configured the master-config.yaml to use Keycloak 1.9.4.Final as Identity Provider. See hereafter the config

oauthConfig:

  alwaysShowProviderSelection: false

  assetPublicURL: https://192.168.99.100:8443/console/

  grantConfig:

    method: auto

  identityProviders:

  - challenge: true

    login: true

    name: keycloak

    provider:

      apiVersion: v1

      kind: OpenIDIdentityProvider

      ca: keycloak-ca.cert

      clientID: openshift

      clientSecret: fbde8b27-3342-4494-b3a3-7db645e9dfe5

      claims:

        id:

        - sub

        preferredUsername:

        - preferred_username

        name:

        - name

        email:

        - email

      urls:

        authorize: https://192.168.1.80:8443/auth/realms/openshift/tokens/login

        token: https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes

But, when I try to log on to the Openshift console, I'm redirected to Keycloak Server which returns this Error 404 

--> GET https://192.168.1.80:8443/auth/realms/openshift/tokens/login?client_id=open…YlMjUyRjE5Mi4xNjguOTkuMTAwJTI1M0E4NDQzJTI1MkZjb25zb2xlJTI1MkZvYXV0aA%3D%3D 404 (Not Found)

According to this thread (http://stackoverflow.com/questions/28658735/what-are-keycloaks-oauth2-openid-connect-endpoints), the urls to be used are these

        authorize: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth

        token: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token

FYI, I can get a token -->

curl -k -s -X POST https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token  -H "Content-Type: application/x-www-form-urlencoded" -d 'username=test-user' -d 'password=password' -d 'grant_type=password' -d 'client_id=openshift' -d 'client_secret=fbde8b27-3342-4494-b3a3-7db645e9dfe5' | jq -r '.access_token'
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1ODExNGExZi1mMTQwLTQwYTctODAwOS1hNGU2

 

Can you confirm that the correct urls to be used are ?

        authorize: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth

        token: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/token

Regards,

Charles

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user