Keycloak OpenID Connect does not work
Hello, I configured Keycloak as my OID Provider.
I run Coder in Docker and added these lines to it (Obviously configured):
But this throws the following error on startup:
Can someone help me?
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
No one here to help me with this?
Not sure it will help, but you are missing CODER_OIDC_EMAIL_DOMAIN.
I am familiar with the setting, but I don't understand how it is used and I think it is poorly documented.
Are these supposed to be the domains that are allowed to authenticate themselves via Keycloak?
I have never used such a setting in connection with Keycloak.
It is also pointless if each of my users has a different domain.
I agree. It is poorly documented. I believe it is a constraint (my best guess). You can add multiple domains to the value, and this constrains what email domains the users can have that are added to Coder via the first login process. If you have users with a bunch of different domains, you'd have to add them all here. There should also be a wild-card option for the use case of registering any and all domains, if so needed or wished for. As my project evolves, I'd need this too. But, as it is only my guess, it could also be completely wrong too. 😊
If you could, with your own user, add your email domain (the domain of the email you used to register in Keycloak) and see what happens. 🙂
Oh, and set
to see if the logs are more helpful. 🙂
CODER_OIDC_EMAIL_DOMAIN defines which domains to allow in the user's email address
but yeah it is pretty poorly documented
Did you set any subpath at the CODER_OIDC_ISSUER_URL?
And yes, please set this environment variable.
I will try, thank you.
No. Do I usually have to?
But this url goes to my keycloak server on port 8080
Ok i get
So it is something with the CODER_OIDC_ISSUER_URL, I guess.
Yes, when you define the app in Keycloak it should give you the link to use.
@Multigestern this should help you
https://apisix.apache.org/blog/2021/12/10/integrate-keycloak-auth-in-apisix/
The example is for APISIX, but it explains that there are different links based on the realm that you use.
Thank you so much!
Btw, you don't need the CODER_OIDC_EMAIL_DOMAIN entry if you don't want to restrict it by the email domain.