Thx. I have been able to configure Openshift with Keycloak as Identity
Provider.

On Fri, May 20, 2016 at 7:56 AM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Yes, those are the correct URLs. The URLs from the blog post you are
referring to are deprecated as they were not following the spec.
BTW the following endpoint lists all URLs for OIDC, we're also improving
the docs around this soon:
http://localhost:8080/auth/realms/<REALM NAME>/.well-known/openid-configuration
On 19 May 2016 at 09:18, Charles Moulliard <cmoullia(a)redhat.com> wrote:
> Hi,
>
> According to Openshift Doc (
> https://docs.openshift.com/enterprise/3.0/admin_guide/configuring_authent...)
> and this blog article (
> http://blog.keycloak.org/2015/06/openshift-ui-console-authentication.html
> ), we can integrate Keycloak as IdentityProvider with Openshift.
>
> So, I have configured the master-config.yaml to use Keycloak 1.9.4.Final
> as Identity Provider. See hereafter the config
>
> oauthConfig:
>   alwaysShowProviderSelection: false
>   assetPublicURL: https://192.168.99.100:8443/console/
>   grantConfig:
>     method: auto
>   identityProviders:
>   - challenge: true
>     login: true
>     name: keycloak
>     provider:
>       apiVersion: v1
>       kind: OpenIDIdentityProvider
>       ca: keycloak-ca.cert
>       clientID: openshift
>       clientSecret: fbde8b27-3342-4494-b3a3-7db645e9dfe5
>       claims:
>         id:
>         - sub
>         preferredUsername:
>         - preferred_username
>         name:
>         - name
>         email:
>         - email
>       urls:
>         authorize: https://192.168.1.80:8443/auth/realms/openshift/tokens/login
>         token: https://192.168.1.80:8443/auth/realms/openshift/tokens/access/codes
>
> But, when I try to log on to the Openshift console, I'm redirected to
> Keycloak Server which returns this Error 404
>
> --> GET https://192.168.1.80:8443/auth/realms/openshift/tokens/login?client_id=op...
> 404 (Not Found)
>
> According to this thread (
> http://stackoverflow.com/questions/28658735/what-are-keycloaks-oauth2-ope...
> ), the urls to be used are these
>
> authorize: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth
> token: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/t...
>
> FYI, I can get a token -->
>
> curl -k -s -X POST \
>   https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/t... \
>   -H "Content-Type: application/x-www-form-urlencoded" \
>   -d 'username=test-user' -d 'password=password' -d 'grant_type=password' \
>   -d 'client_id=openshift' \
>   -d 'client_secret=fbde8b27-3342-4494-b3a3-7db645e9dfe5' | jq -r '.access_token'
> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1ODExNGExZi1mMTQwLTQwYTctODAwOS1hNGU2
>
>
> Can you confirm that the correct URLs to be used are the following?
>
> authorize: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/auth
> token: https://192.168.1.80:8443/auth/realms/openshift/protocol/openid-connect/t...
>
> Regards,
>
> Charles
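
Added example, not part of the original thread and not Keycloak or OpenShift code: a check that compares the urls: block of an OpenIDIdentityProvider against the realm's .well-known/openid-configuration document, so that deprecated endpoints are caught before the console login returns a 404. The discovery document below is a constructed sample (a real one would be fetched from the realm over verified TLS), and the function name check_provider_urls is hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a realm's /.well-known/openid-configuration response,
# trimmed to the fields used here (field names come from OIDC Discovery 1.0).
BASE = "https://192.168.1.80:8443/auth/realms/openshift"
DISCOVERY_JSON = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
})

# The deprecated URLs from the master-config.yaml quoted in the thread.
OLD_URLS = {
    "authorize": BASE + "/tokens/login",
    "token": BASE + "/tokens/access/codes",
}


def check_provider_urls(discovery_json, expected_issuer, configured):
    """Return (problems, advertised).

    problems is a list of strings, empty when the configured urls match the
    discovery document; advertised holds the authorize/token values the realm
    publishes, ready to paste into the urls: block."""
    doc = json.loads(discovery_json)
    problems = []
    # The issuer must be exactly the realm URL the document was fetched from.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    advertised = {
        "authorize": doc.get("authorization_endpoint"),
        "token": doc.get("token_endpoint"),
    }
    for key, url in advertised.items():
        # Both endpoints carry credentials or codes, so require https.
        if not url or urlsplit(url).scheme != "https":
            problems.append("%s endpoint missing or not https" % key)
        if configured.get(key) != url:
            problems.append("%s: configured %r, realm advertises %r"
                            % (key, configured.get(key), url))
    return problems, advertised


if __name__ == "__main__":
    problems, advertised = check_provider_urls(DISCOVERY_JSON, BASE, OLD_URLS)
    for p in problems:
        print("PROBLEM:", p)
    print("urls:", json.dumps(advertised, indent=2))
```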